[389-users] How to export CA certificate into client from server

Grzegorz Dwornicki gd1100 at gmail.com
Fri Jul 27 23:35:43 UTC 2012


Well back in centos/redhat/fedora directory server this could be done like
this:

First you should check what certificate names you have in the certutil
database. In the slapd directory type:

certutil -d . -L

This should show you all certificates in the database (server certificates
as well). Usually CA certs are named so you could recognize them.

Now you need to choose the CA certificate from the list and use it in this
command:

certutil -d . -L -n "THE_NAME_OF_YOU_CA_CERT_HERE" -a > /root/ds-ca.crt

I did not use 389 much but I think this should work on 389 as well as on
el5 distros where I've tested this way of exporting certs.

The rest of the article should be clear now. Remember to enable ssl/tls or
starttls on 389.

Good luck
Grzegorz

2012/7/27 fosiul alam <expertalert at gmail.com>

> Hi, I have installed an SSL certificate from the script below
> https://github.com/richm/scripts/blob/master/setupssl2.sh
>
> it went fine.
> but I don't understand how I will create the certificate file for the clients.
>
> According to the documentation:
> http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
> I need to export the CA cert from ASCII, which is
> cacert.asc, but I don't understand how I will do that.
>
> I have cacert.asc in the /etc/dirsrv/slapd-instance directory
> but don't know how to export the cert file into the client
>
> /etc/openldap/cacerts/
>
> I have been trying this for the last couple of days.
> Can anyone please help me?
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
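
The export and client install described in the reply above, as an added example that is not part of the original thread. It guards against the empty file that the plain ">" redirect leaves behind when the nickname is wrong, and checks a SHA-256 hash of the file before it goes into the client's CA directory. It assumes certutil and sha256sum are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes certutil (NSS tools) on the
# server and sha256sum on both hosts. Function names are hypothetical.

# Succeeds only if FILE holds exactly one PEM certificate block with a base64 body.
is_pem_cert() {
    [ -s "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ] || return 1
    body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" |
        grep -v '^-----' | tr -d '\r\n')
    [ -n "$body" ] || return 1
    case $body in *[!A-Za-z0-9+/=]*) return 1 ;; esac
}

file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# Server side: export_ca_cert DBDIR NICKNAME OUTFILE
# Writes to a temp file first, so a wrong nickname never leaves an empty OUTFILE.
export_ca_cert() {
    tmp="$3.tmp.$$"
    if certutil -d "$1" -L -n "$2" -a > "$tmp" && is_pem_cert "$tmp"; then
        mv "$tmp" "$3" && file_sha256 "$3"
    else
        rm -f "$tmp"
        echo "export of '$2' failed, nothing written to $3" >&2
        return 1
    fi
}

# Client side: install_ca_cert FILE DESTDIR EXPECTED_SHA256
# Refuses the file unless it matches the hash printed on the server.
install_ca_cert() {
    is_pem_cert "$1" || { echo "$1 is not a PEM certificate" >&2; return 1; }
    [ "$(file_sha256 "$1")" = "$3" ] || { echo "hash mismatch for $1" >&2; return 1; }
    mkdir -p "$2" && cp "$1" "$2/" && chmod 644 "$2/$(basename "$1")"
}

# Constructed sample: placeholder base64 body, not a real certificate.
write_sample_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1"
}
```

On the server, export_ca_cert prints the hash of the exported file; pass that value, along with /etc/openldap/cacerts as the destination, to install_ca_cert on the client.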