[Fedora-directory-users] Generating and installing certificates for Fedora-ds 1.1.0 usig Openssl base CA
Howard Wilkinson
howard at cohtech.com
Wed Feb 6 15:27:41 UTC 2008
We have a CA using our corporate certificate which we want to sign our
certificates for the fedora-ds and clients.
I am trying to work out how to do this. The setupssl2 script works fine
in generating and installing a self-signed certifictae on the server(s)
but we now want to generate and sign using our CA.
Does anybody have a set of instructions that would cover this case?
In particular I would like to understand when the use of certutil is
mandatory and when it can be replaced with one or more openssl commands.
Eventually I would like to be able to configure the server using the
setup-ds-admin script with a certificate already pre-generated by
openssl quoted as the CACertificate parameter.
One complication to all of this is that we need to assign a number of
SubjectAltNames to the certificates so that a server may have multiple
identities!
Regards, Howard
More information about the 389-users
mailing list