[389-users] inf file directive for CA certificate file
Rich Megginson
rmeggins at redhat.com
Fri Jun 14 17:21:18 UTC 2013
This is a bug.
Please file a ticket at https://fedorahosted.org/389/newticket
On 06/14/2013 11:09 AM, Jovan.VUKOTIC at sungard.com wrote:
>
> Thanks Rich,
>
> Still, there is a difference when CA certificate is supplied when
> prompted and when listed in inf file.
>
> In the latter case, neither the certificate will be imported, nor
> adm.conf will be updated with the ldap url submitted.
>
> In the interactive mode, CA certificate gets imported in Admin Server
> cert8.db.
>
> I will refrain from using it in inf files.
>
> *Jovan Vukotić* • Senior Software Engineer • Ambit Treasury Management
> • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade,
> Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com
> <mailto:jovan.vukotic at sungard.com>
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Friday, June 14, 2013 3:26 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Vukotic, Jovan
> *Subject:* Re: [389-users] inf file directive for CA certificate file
>
> On 06/14/2013 05:47 AM, Jovan.VUKOTIC at sungard.com
> <mailto:Jovan.VUKOTIC at sungard.com> wrote:
>
> Hi,
>
> We are starting installations of four 389 DS, version 1.2.11 and
> would like to pass an inf file together with command line
> parameters to
>
> setup-ds-admin.pl script.
>
> At the moment we have one 389 DS instance installed where
> Configuration Directory (o=NetscapeRoot ) is placed and where
> TLS/SSL is enabled.
>
> However, I cannot find an inf file directive for CA certificate
> file that we are prompted to supply when the script is run
> interactively. We need that file since a ldap URL to configuration
> directory is supplied in the form
>
> ldap*s*://ds1.example.com:636/o=NetscapeRoot
>
>
> The directive is called CACertificate in the [General] section. The
> value can either be the full absolute path and file name of the file
> containing the cert, or the actual PEM cert data e.g.
>
> [General]
> CACertificate = /path/to/cacert.asc
>
> or
>
> [General]
> CACertificate = -----BEGIN CERTIFICATE-----\
> ASJAdf0987aasdfl....\
> more lines here\
> ....
>
> Thanks in advance,
> Jovan Vukotic
>
> *Jovan Vukotić* • Senior Software Engineer • Ambit Treasury Management
> • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade,
> Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com
> <mailto:jovan.vukotic at sungard.com>
>
> *Join the online conversation with SunGard’s customers, partners and
> Industry experts and find an event near you at: **www.sungard.com/ten*
> <http://www.capitalize-on-change.com/?email=70150000000Y1Et>*. *
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130614/8fd0afd0/attachment.html>
More information about the 389-users
mailing list