[389-users] How to change certificate options using 389-console ?
Addison Laurent
alaurent at cise.ufl.edu
Mon May 7 22:02:03 UTC 2012
Now I can't find the old posting from 389-users from 2009, IIRC, where
Rich said "Don't do that".
But I'm trying it command line now - thanks a bunch, Ryan - and we'll
see.
But as far as I can tell, the 389-console is only going to try and
generate a 1024 bit key, and that's no longer acceptable to Verisign and
others - we can't get a key with less than 2048 bits now.
Is this configurable? It seems it should be?
Thanks,
Addison
On Mon, 2012-05-07 at 12:26 -0600, Groten, Ryan wrote:
> Never knew command line is frowned upon. I used command line to generate my cert requests as well since the gui can't do things like SAN. Haven't had any issues generating my certreqs that way. Once the certificate comes back I use the gui to import.
>
> -----Original Message-----
> From: 389-users-bounces at lists.fedoraproject.org [mailto:389-users-bounces at lists.fedoraproject.org] On Behalf Of Addison Laurent
> Sent: Monday, May 07, 2012 12:13 PM
> To: 389-users at lists.fedoraproject.org
> Subject: [389-users] How to change certificate options using 389-console ?
>
> I'm trying to add a new server, and will need to use SSL, of course.
> But all the instructions tell how to generate a self-signed CA, but we've got real signed certs on the other servers, and so I'm trying to generate a CSR for the new one.
>
>
> Generating one from the 389-console is only giving me a 1024-bit key, and 2048 is required.
>
>
> I see that running the cert request from the command line is not the preferred option, but how else can I change the parameters for the cert request?
>
>
> Thanks,
> Addison
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> This communication, including any attached documentation, is intended only for the person or entity to which it is addressed, and may contain confidential, personal and/or privileged information. Any unauthorized disclosure, copying, or taking action on the contents is strictly prohibited. If you have received this message in error, please contact us immediately so we may correct our records. Please then delete or destroy the original transmission and any subsequent reply.
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list