On 09/23/2011 02:58 PM, Rich Megginson wrote:
On 09/23/2011 02:53 PM, Orion Poplawski wrote:
> On 09/23/2011 01:44 PM, Rich Megginson wrote:
>> On 09/23/2011 01:24 PM, Orion Poplawski wrote:
>>> Does it matter that they aren't
>>> showing up with certutil?
>
>> Yes.
>
> That's what I thought so I used certutil as well. The console then showed
> those entries with the names I gave them with certutil.
So they are showing up in the console but not certutil? Any difference between
certutil -d /etc/dirsrv/slapd-hostname -L
and
certutil -d /etc/dirsrv/admin-serv -L
? That is, perhaps they were added to the admin server but not the directory
server?
Good catch - the ones I added through the console are in admin-serv. I
definitely connected to the directory server though and not the admin server.
>> Are these chained to a well-known root CA? If so, you can add
those to the
>> directory server CA certs list:
>>
http://directory.fedoraproject.org/wiki/Howto:SSL#Viewing_the_list_of_bui...
>>
>
> The top in the bundle is
www.valicert.com, for which I haven't had trouble
> with for browsers and the like. I'm not having any luck with linking in the
> library and seeing the root CAs.
so if you link the library, and then do
certutil -d /etc/dirsrv/slapd-hostname -L
you don't see any of those CA certs?
Correct. Not with certutil or in 389-console
Try stopping the directory server before using certutil.
No help.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301
http://www.cora.nwra.com