depending on your version of 389, look at "dsctl <instance
name> tls
import-ca"
{william@ldapkdc 9:12} ~/development $ dsctl localhost tls import-ca
--help
usage: dsctl [instance] tls import-ca [-h] cert_path nickname
positional arguments:
cert_path The path to the x509 cert to import as a server CA
nickname The name of the certificate once imported
optional arguments:
-h, --help show this help message and exit
This allows you to import a PEM CA file. There are a number of other
helpers under the tls subcommand to make cert management easier.
all this is pretty new, right?
I can't recall reading this last time I checked docs.
anyway, my main problem is that to deploy a node in a truly unattended mode It
shouldn't pause at CSR request and continue when CA sign certificates, so I'm
trying to have some preconfigured cert databases and signed certs.
If there's no way to do that, I can't dynamically create and destroy nodes.
the other option is letting the loadbalancer handle encryption, but official docs are very
aggressive against that option, but I wonder if I should ignore that recommendation and
encrypt at LB level.
any hints?
abosch
-- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer
annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir
informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a
terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que
s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu
immediatament a l'adreca electronica de la persona remitent. Abans d'imprimir
aquest missatge, pensau si es realment necessari.