[389-users] inf file directive for CA certificate file

Rich Megginson rmeggins at redhat.com
Fri Jun 14 17:21:18 UTC 2013


This is a bug.
Please file a ticket at https://fedorahosted.org/389/newticket

On 06/14/2013 11:09 AM, Jovan.VUKOTIC at sungard.com wrote:
>
> Thanks Rich,
>
> Still, there is a difference when CA certificate is supplied when 
> prompted and when listed in inf file.
>
> In the latter case, neither the certificate will be imported, nor 
> adm.conf will be updated with the ldap url submitted.
>
> In the interactive mode, CA certificate  gets imported in Admin Server 
> cert8.db.
>
> I will refrain from using it in inf files.
>
> *Jovan Vukotić* • Senior Software Engineer • Ambit Treasury Management 
> • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, 
> Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com 
> <mailto:jovan.vukotic at sungard.com>
>
> *From:*Rich Megginson [mailto:rmeggins at redhat.com]
> *Sent:* Friday, June 14, 2013 3:26 PM
> *To:* General discussion list for the 389 Directory server project.
> *Cc:* Vukotic, Jovan
> *Subject:* Re: [389-users] inf file directive for CA certificate file
>
> On 06/14/2013 05:47 AM, Jovan.VUKOTIC at sungard.com 
> <mailto:Jovan.VUKOTIC at sungard.com> wrote:
>
>     Hi,
>
>     We are starting installations of four 389 DS, version 1.2.11 and
>     would like to pass an inf file together with command line
>     parameters to
>
>     setup-ds-admin.pl script.
>
>     At the moment we have one 389 DS instance installed where
>     Configuration Directory (o=NetscapeRoot ) is placed and where
>     TLS/SSL is enabled.
>
>     However, I cannot find an inf file directive for CA certificate
>     file that we are prompted to supply when the script is run
>     interactively. We need that file since a ldap URL to configuration
>     directory is supplied in the form
>
>     ldap*s*://ds1.example.com:636/o=NetscapeRoot
>
>
> The directive is called CACertificate in the [General] section.  The 
> value can either be the full absolute path and file name of the file 
> containing the cert, or the actual PEM cert data e.g.
>
> [General]
> CACertificate = /path/to/cacert.asc
>
> or
>
> [General]
> CACertificate = -----BEGIN CERTIFICATE-----\
> ASJAdf0987aasdfl....\
> more lines here\
> ....
>
> Thanks in advance,
> Jovan Vukotic
>
> *Jovan Vukotić* • Senior Software Engineer • Ambit Treasury Management 
> • SunGard • Banking • Bulevar Milutina Milankovića 136b, Belgrade, 
> Serbia • tel: +381.11.6555-66-1 • jovan.vukotic at sungard.com 
> <mailto:jovan.vukotic at sungard.com>
>
> *Join the online conversation with SunGard’s customers, partners and 
> Industry experts and find an event near you at: **www.sungard.com/ten* 
> <http://www.capitalize-on-change.com/?email=70150000000Y1Et>*. *
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org  <mailto:389-users at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130614/8fd0afd0/attachment.html>


More information about the 389-users mailing list