[389-users] Want to change the hostname of my 389-box. Is there an easy way to fix the cert?

Ray ray at renegade.zapto.org
Tue Sep 18 15:57:47 UTC 2012


Hi Alberto,

thanks for the instructions. I have two more questions:

1) The labels DS_Server_cert_label and Admin_Server_cert_label are 
completely my choice, right?

2) How about the AC_cert_label though? Where does that come from?

Cheers,
Ray

On 18.09.2012 11:56, Alberto Suárez wrote:
> If you have trouble with the script, try this:
>
> 1. Produce the new DS server certificate:
>
> certutil -S -n "DS_Server_cert_label" \
> -s "cn=myhost.myorg.example.com" -c "AC_cert_label" \
> -t "u,u,u" -m 1001 -v 120 -d . -k rsa \
> -f /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 2. Export it to p12 format:
>
> pk12util -d . -o directoryserver.p12 -n "DS_Server_cert_label" \
> -w /etc/dirsrv/slapd-myhost/pwdfile.txt \
> -k /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 3. Produce the new Admin server certificate:
>
> certutil -S -n "Admin_Server_cert_label" \
> -s "cn=myhost.myorg.example.com,ou=389 Administration Server" \
> -c "AC_cert_label" -t "u,u,u" -m 1002 -v 120 -d /etc/dirsrv/slapd-myhost \
> -k rsa -f /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 4. Export it to p12 format:
>
> pk12util -d . -o adminserver.p12 -n "Admin_Server_cert_label" \
> -w /etc/dirsrv/slapd-myhost/pwdfile.txt \
> -k /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 5. Import into Admin server database:
>
> pk12util -d . -i /etc/dirsrv/admin-serv/adminserver.p12 \
> -n "Admin_Server_cert_label" -w /etc/dirsrv/slapd-myhost/pwdfile.txt \
> -k /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 6. Now import DS cert into Admin server's database
>
> pk12util -d . -i /etc/dirsrv/admin-serv/adminserver.p12 \
> -n "Admin_Server_cert_label" -w /etc/dirsrv/slapd-myhost/pwdfile.txt \
> -k /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 7. In "Manage certificates" window, replace the old DS cert by the 
> new one.
>
> Hope this helps,
>
> Alberto
>
> Ray wrote:
>> Hi,
>>
>> I am running a 389 box with TLS enabled. Now I would like to change
>> the hostname, which would render the current certificate invalid. Is
>> there an easy way to create a new certificate with the new hostname?
>>
>> Cheers,
>> Ray
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
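
Added example, not part of the original thread: certutil's -c option in the steps above takes the nickname of an issuing CA certificate that is already in the NSS database, and `certutil -L -d <dbdir>` lists the nicknames with their trust flags. The sketch below picks the CA-flagged nicknames out of such a listing; the sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `certutil -L -d <dbdir>` output (not from the thread).
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
Server-Cert                                                  u,u,u
old-host cert                                                u,u,u
EOF
}

# Read a `certutil -L` listing on stdin and print every nickname whose
# SSL trust field carries C or T (trusted CA flags). A trailing "u" in that
# field means the private key is in the database, which signing with -c needs.
ca_nicknames() {
    awk '
        NF < 2 { next }                                   # blank or one-word lines
        $NF !~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ { next } # header lines
        {
            split($NF, f, ",")            # f[1] = SSL trust flags
            if (f[1] !~ /[CT]/) next      # not flagged as a CA
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the flags column
            print nick                    # nickname may contain spaces
        }'
}

# Real use (assumes NSS tools are installed): certutil -L -d . | ca_nicknames
sample_listing | ca_nicknames
```

The printed nickname is what goes after -c, quoted exactly as listed.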