Craig White wrote:
On Thu, 2005-12-08 at 13:27 -0700, Richard Megginson wrote:
>Craig White wrote:
>
>>On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote:
>>
>>>Craig White wrote:
>>>
>>>>Trying to follow instructions at
>>>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
>>>>
>>>>Step #8
>>>>Copy the key3.db and cert8.db you created to the default databases
>>>>created at Directory Server installation:
>>>>
>>>>where is this 'default databases'?
>>>>
>>>>/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server
>>>>
>>>/opt/fedora-ds/alias/slapd-srv1-key3.db
>>>/opt/fedora-ds/alias/slapd-srv1-cert8.db
>>>
>>----
>>OK - well that was where I created them...
>>
>># ls -l /opt/fedora-ds/alias/
>>total 520
>>-rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db
>>-rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db
>>-rw------- 1 root root 65536 Dec 8 11:18 cert8.db
>>-rw------- 1 root root 2644 Dec 8 11:18 cert.pk12
>>-rw------- 1 root root 16384 Dec 8 11:18 key3.db
>>-rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so
>>-rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt
>>-rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt
>>-rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db
>>-rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db
>>-rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db
>>
>>I didn't see them listed anywhere in the console.
>>
>Didn't see what listed anywhere in the console?
>
----
the certificates that I generated using certutil. I never could find
evidence of them in any console.
They have to be in the file called slapd-name-cert8.db - it won't find
them if they are in cert8.db.
The files listed above I am certain
were generated by openssl creation of the CA certificate and using that
to sign the requests from the Server Certs portions of the
Administration and Directory Consoles - and 'installing' them in the
console...because of the time signatures.
----
>I think the directions mean "copy your new key3.db over
>slapd-srv1-key3.db and copy your new cert8.db over
>slapd-srv1-cert8.db". When you do this, make sure slapd isn't running,
>and make sure you retain the old ownership and permissions of those
>files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open
>those files in read-write mode.
>
----
it would appear that having the above contents of /opt/fedora-ds/alias
and the db files chmod 600 nobody:nobody as per above - that even though
I generated them ultimately with openssl and not certutil and they are
listed in both Administration and Directory consoles in both CA Certs
and Server Certs that I am good to go to next step.
Ok.
Thanks
Craig
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
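
Added example, not part of the original thread or of the Fedora DS documentation: a shell check that the alias directory is in the state the thread describes, with `slapd-<instance>-key3.db` and `slapd-<instance>-cert8.db` present, owned by the server's user, mode 600, and no unprefixed `key3.db`/`cert8.db` left behind. The function name `check_alias_dir` and its arguments are made up for this example, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit the NSS database files a Fedora DS instance reads.
# Assumptions: GNU stat; directory, instance name, owner and mode follow the
# thread (/opt/fedora-ds/alias, "srv1", nobody:nobody, 0600).

# check_alias_dir DIR INSTANCE OWNER GROUP
# Prints one line per finding; returns 0 if clean, 1 if anything was found.
check_alias_dir() {
    dir=$1 inst=$2 owner=$3 group=$4
    findings=0
    for db in key3.db cert8.db; do
        f="$dir/slapd-$inst-$db"
        # Per the thread, the server only looks at the slapd-<instance>- files,
        # so an unprefixed copy is a leftover that nothing reads.
        if [ -f "$dir/$db" ]; then
            echo "STRAY $dir/$db is not read by slapd-$inst"
            findings=$((findings + 1))
        fi
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            findings=$((findings + 1))
            continue
        fi
        # slapd opens these files read-write under its own uid, so both the
        # owner and the mode have to be right.
        og=$(stat -c '%U:%G' "$f")
        mode=$(stat -c '%a' "$f")
        if [ "$og" != "$owner:$group" ]; then
            echo "OWNER $f is $og, expected $owner:$group"
            findings=$((findings + 1))
        fi
        if [ "$mode" != "600" ]; then
            echo "MODE $f is $mode, expected 600"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage on the host from the thread (run as root, with slapd stopped):
#   check_alias_dir /opt/fedora-ds/alias srv1 nobody nobody
```

Against the `ls -l` listing quoted above, this would report the root-owned `cert8.db` and `key3.db` as stray and pass the two `slapd-srv1-*` files.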