[389-users] Want to change the hostname of my 389-box. Is there an easy way to fix the cert?
Ray
ray at renegade.zapto.org
Tue Sep 18 15:57:47 UTC 2012
Hi Alberto,
thanks for the instructions. I have two more questions:
1) The labels DS_Server_cert_label and Admin_Server_cert_label are
completely my choice, right?
2) How about the AC_cert_label though? Where does that come from?
Cheers,
Ray
On 18.09.2012 11:56, Alberto Suárez wrote:
> If you have trouble with the script, try this:
>
> 1. Produce the new DS server certificate:
>
> certutil -S -n "DS_Server_cert_label"
> -s "cn=myhost.myorg.example.com" -c "AC_cert_label"
> -t "u,u,u" -m 1001 -v 120 -d . -k rsa -f
> /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 2. Export it to p12 format:
>
> pk12util -d . -o directoryserver.p12 -n "DS_Server_cert_label"
> -w /etc/dirsrv/slapd-myhost/pwdfile.txt -k
> /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 3. Produce the new Admin server certificate:
>
> certutil -S -n "Admin_Server_cert_label"
> -s "cn=myhost.myorg.example.com,ou=389 Administration Server" -c
> "AC_cert_label" -t "u,u,u" -m 1002 -v 120 -d /etc/dirsrv/slapd-myhost
> -k rsa -f /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 4. Export it to p12 format:
>
> pk12util -d . -o adminserver.p12 -n "Admin_Server_cert_label"
> -w /etc/dirsrv/slapd-myhost/pwdfile.txt -k
> /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 5. Import into Admin server database:
>
> pk12util -d . -i /etc/dirsrv/admin-serv/adminserver.p12 -n
> "Admin_Server_cert_label" -w /etc/dirsrv/slapd-myhost/pwdfile.txt -k
> /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 6. Now import DS cert into Admin server's database
>
> pk12util -d . -i /etc/dirsrv/admin-serv/adminserver.p12 -n
> "Admin_Server_cert_label" -w /etc/dirsrv/slapd-myhost/pwdfile.txt -k
> /etc/dirsrv/slapd-myhost/pwdfile.txt
>
> 7. In "Manage certificates" window, replace the old DS cert by the
> new one.
>
> Hope this helps,
>
> Alberto
>
> Ray wrote:
>> Hi,
>>
>> I am running a 389 box with TLS enabled. Now I would like to change
>> the hostname, which would render the current certificate invalid. Is
>> there an easy way to create a new certificate with the new hostname?
>>
>> Cheers,
>> Ray
>>
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
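
Added example, not part of the original thread: the `-c` argument in steps 1 and 3 is certutil's issuer option, so it needs the nickname of a CA certificate that is already in the NSS database. This sketch filters `certutil -L` output for nicknames whose SSL trust flags contain `C` or `T`; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# list_ca_nicknames: read "certutil -L -d <dbdir>" output on stdin and print
# the nicknames whose SSL trust flags mark the entry as a CA (C or T).
list_ca_nicknames() {
    awk '
        NF < 2 { next }    # blank lines and the one-word second header row
        $NF !~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ { next }  # first header row
        {
            split($NF, trust, ",")          # SSL, S/MIME, JAR/XPI columns
            if (trust[1] !~ /[CT]/) next    # keep only SSL-trusted CAs
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # strip the trust column
            sub(/^[ \t]+/, "", nick)               # strip leading blanks
            print nick                             # nickname may hold spaces
        }'
}

# Constructed sample in the layout certutil -L prints (not from a real host).
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
Server-Cert                                                  u,u,u
EOF
}

# Demo on the constructed sample. On a live system the input would be:
#   certutil -L -d /etc/dirsrv/slapd-myhost | list_ca_nicknames
sample_listing | list_ca_nicknames
```

The nickname printed is the value to pass to `-c`; the new server certificate labels given with `-n` are free-form names stored alongside it.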