[389-users] inf file directive for CA certificate file

Jovan.VUKOTIC at sungard.com Jovan.VUKOTIC at sungard.com
Fri Jun 14 17:09:02 UTC 2013


Thanks Rich,

Still, there is a difference when CA certificate is supplied when prompted and when listed in inf file.
In the latter case, neither the certificate will be imported, nor adm.conf will be updated with the ldap url submitted.

In the interactive mode, CA certificate  gets imported in Admin Server cert8.db.

I will refrain from using it in inf files.


Jovan Vukotić • Senior Software Engineer • Ambit Treasury Management • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com<mailto:jovan.vukotic at sungard.com>




From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Friday, June 14, 2013 3:26 PM
To: General discussion list for the 389 Directory server project.
Cc: Vukotic, Jovan
Subject: Re: [389-users] inf file directive for CA certificate file

On 06/14/2013 05:47 AM, Jovan.VUKOTIC at sungard.com<mailto:Jovan.VUKOTIC at sungard.com> wrote:
Hi,

We are starting installations of four 389 DS, version 1.2.11 and would like to pass an inf file together with command line parameters to
setup-ds-admin.pl script.
At the moment we have one 389 DS instance installed where Configuration Directory (o=NetscapeRoot ) is placed and where TLS/SSL is enabled.

However, I cannot find an inf file directive for CA certificate file that we are prompted to supply when the script is run interactively. We need that file since a ldap URL to configuration directory is supplied in the form
ldaps://ds1.example.com:636/o=NetscapeRoot

The directive is called CACertificate in the [General] section.  The value can either be the full absolute path and file name of the file containing the cert, or the actual PEM cert data e.g.

[General]
CACertificate = /path/to/cacert.asc

or

[General]
CACertificate = -----BEGIN CERTIFICATE-----\
ASJAdf0987aasdfl....\
more lines here\
....


Thanks in advance,
Jovan Vukotic

Jovan Vukotić • Senior Software Engineer • Ambit Treasury Management • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com<mailto:jovan.vukotic at sungard.com>

Join the online conversation with SunGard’s customers, partners and Industry experts and find an event near you at: www.sungard.com/ten<http://www.capitalize-on-change.com/?email=70150000000Y1Et>.





--

389 users mailing list

389-users at lists.fedoraproject.org<mailto:389-users at lists.fedoraproject.org>

https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130614/e2981a3d/attachment.html>


More information about the 389-users mailing list