[389-users] Importing certificates during setup-ds.pl - is this possible?
Chun Tat David Chu
beyonddc.storage at gmail.com
Tue Dec 25 03:47:14 UTC 2012
Hi Graham,
I too haven't done enabling SSL using setup-ds.pl, and I don't believe
setup-ds.pl was written to allow you to configure SSL as part of directory
server initial setup.
Of course you can modify setup-ds.pl per your need to configure SSL in one
shot but now you will be maintaining your own version of setup-ds.pl and
you have to keep in sync with the latest setup-ds.pl if you decide to
reinstall the LDAP with the latest version or for other reasons.
What I have been doing is similar to what Vlad suggested. I ran
setup-ds.plfirst and then run my own script to configure SSL and
replication. I
believe the Red Hat Directory Server Administration has instructions on how
to configure SSL via command-line.
Good luck!
- dc
On Mon, Dec 24, 2012 at 6:32 AM, Graham Leggett <minfrin at sharp.fm> wrote:
> On 24 Dec 2012, at 12:52 PM, Vlad <vovan at vovan.nl> wrote:
>
> > I don't see the problem. Simply install DS without SSL and then:
> > 1. use ldapmodify to import SSL settings (see the example below)
> > 2. use pk12util tiu import certificate
> > 3. use certutil to change trusts
> > All the things above could be done completely unattended…
>
> The problem is that the above shouldn't be necessary, because setup-ds.plhas the INF file and ConfigFile options to provide the config in one go.
> This ConfigFile mechanism is rendered useless, because there is no ability
> to configure the certificate database in advance.
>
> Regards,
> Graham
> --
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20121224/fd3a27d1/attachment.html>
More information about the 389-users
mailing list