[Fedora-directory-users] adding ssl from the FMC

Rich Megginson rmeggins at redhat.com
Tue Dec 2 15:35:35 UTC 2008


McManus, Thomas wrote:
>
> I've been trying for the last 2 days to set up SSL on FDS without any 
> luck and little feedback. Following the Red Hat Directory Server 8.0 
> Administration Guide, Chapter 11, I've tried to install a local 
> certificate both through the console and at the command line using 
> certutil.
>
What platform? What version of fedora ds? rpm -qi fedora-ds-base
>
> From the console going through every step. In step 2 the DN is:
>
> CN="ldap1.chip.org", OU="CHIP", O="Childrens Hospital Boston", 
> L="Boston", ST="Massachusetts", C="US"
>
> In step 3 I get:
>
> Unable to convert DN to certificate name.
>
This is a known console problem - try omitting the double quotes - you 
should not need them
>
> Using the certutil these commands worked:
>
> certutil -N -d . -f pwdfile -P slapd-ldap1
> certutil -S -n "CA certificate" -s "cn=Childrens Hospital Informatics Program, dc=chip, dc=org" -x -t "CT,," -m 1000 -v 120 -d . -k rsa -g 1024 -f pwdfile -P slapd-ldap1
> certutil -S -n "Server-Cert" -s "cn=ldap1.chip.org,cn=DS1" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -g 1024 -f ./pwdfile -P slapd-ldap1
> certutil -d . -L -n "CA certificate" -a > cacert.asc -P slapd-ldap1
>
Why are you specifying -P? You should not need to do that anymore. Where 
in the instructions does it say to do that?
>
> Using the pk12util failed
>
> pk12util -d . -o ldap1.p12 -n Server-Cert1 -w ./pwdfile.txt -k ./pwdfile.txt
>
> The error is:
>
> pk12util: find user certs from nickname failed: security library: bad database.
>
You are missing the -P
>
> I've run these 2 programs multiple times and googled to no avail. 
> Could anyone help with this?
>
> Tom McManus

