[389-users] How to change certificate options using 389-console ?
Arpit Tolani
arpittolani at gmail.com
Tue May 8 00:56:35 UTC 2012
Hie
On Mon, May 7, 2012 at 11:42 PM, Addison Laurent <alaurent at cise.ufl.edu>wrote:
> I'm trying to add a new server, and will need to use SSL, of course.
> But all the instructions tell how to generate a self-signed CA, but
> we've got real signed certs on the other servers, and so I'm trying to
> generate a CSR for the new one.
>
>
> Generating one from the 389-console is only giving me a 1024-bit key,
> and 2048 is required.
>
>
> I see that running the cert request from the command line is not the
> preferred option, but how else can I change the parameters for the cert
> request?
>
>
> In order to generate a 2048-bit ASCII certificate request, certain
options must be specified as seen in the example below:
# certutil -R -d /database/directory/ -s
"cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
Where:
-R - Specifies that a certificate request file be generated
-d - Specifies the database directory
-s - Specifies the subject
-a - Specifies the use of ASCII format
-g - Specifies the keysize
After successful creation, the request can be sent to the certificate
authority for signing.
Arpit Tolani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120508/9542c703/attachment.html>
More information about the 389-users
mailing list