Thanks, I am up to setting up the cert.

I was missing a critical step (or two).

 

rpm -e 389-adminutil-devel 389-ds-base-devel

rpm -e --nodeps 389-ds-console 389-admin-console 389-ds 389-dsgw

rpm -e --nodeps 389-admin 389-adminutil 389-ds-base-libs 389-ds-base

/bin/rm -rf /etc/dirsrv /var/lib/dirsrv /usr/lib64/dirsrv \

/var/lock/dirsrv /var/run/dirsrv /usr/share/dirsrv /usr/lib/dirsrv \

/var/log/dirsrv

 

yum install 389-admin 389-adminutil 389-adminutil-devel \

389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds

/usr/sbin/setup-ds-admin.pl -d

-> Option 2 Typical

 

### GO INTO GUI

### Server -> Tasks -> Manager Certificates

### AND SETUP INTERNAL TOKEN, etc.

### GUI DOES NOT SUPPORT2048 CERT

 

cd /etc/dirsrv/slapd-ldap

certutil -R -d . -s "cn=ldap.wrlc.org" \

-g 2048 -a /var/tmp/ldap.cert.csr \

-p "301-390-3050"

 

-          Still working on the rest.

-          Thanks

-          Chris

From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Thursday, May 24, 2012 3:50 PM
To: Chris Cawley
Cc: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails

 

On 05/24/2012 01:20 PM, Chris Cawley wrote:

I am looking for a step by step guide for the command line version of an SSL install.

 

I have some steps; however, I do not believe that they are correct.


There's http://port389.org/wiki/Howto:SSL
and
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html

 

-          Chris

 

From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Wednesday, May 23, 2012 3:06 PM
To: General discussion list for the 389 Directory server project.
Cc: Chris Cawley
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails

 

On 05/23/2012 12:59 PM, Chris Cawley wrote:

Hello,

 

 

    I went through some of the docs/emails; however, it still seems like

    The NSS is not working correctly.


Not sure what you mean.



    On a separate, but related issue, it seems like you cannot use

    the GUI to generate a key with 2048 bits.


Right.  https://fedorahosted.org/389/ticket/362

In the meantime, use certutil to generate the CSR.



To get a real CA, some

    vendors ask for this.

        -          Thanks

        -          Chris

 

Chris Cawley

System Administrator

Washington Research Library Consortium

301-390-2049

cawley@wrlc.org

 

 





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users