Thanks, I am up to setting up the cert.
I was missing a critical step (or two).
rpm -e 389-adminutil-devel 389-ds-base-devel
rpm -e --nodeps 389-ds-console 389-admin-console 389-ds 389-dsgw
rpm -e --nodeps 389-admin 389-adminutil 389-ds-base-libs 389-ds-base
/bin/rm -rf /etc/dirsrv /var/lib/dirsrv /usr/lib64/dirsrv \
/var/lock/dirsrv /var/run/dirsrv /usr/share/dirsrv /usr/lib/dirsrv \
/var/log/dirsrv
yum install 389-admin 389-adminutil 389-adminutil-devel \
389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds
/usr/sbin/setup-ds-admin.pl -d
-> Option 2 Typical
### GO INTO GUI
### Server -> Tasks -> Manager Certificates
### AND SETUP INTERNAL TOKEN, etc.
### GUI DOES NOT SUPPORT2048 CERT
cd /etc/dirsrv/slapd-ldap
certutil -R -d . -s "cn=ldap.wrlc.org" \
-g 2048 -a /var/tmp/ldap.cert.csr \
-p "301-390-3050"
- Still working on the rest.
- Thanks
- Chris
From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Thursday, May 24, 2012 3:50 PM
To: Chris Cawley
Cc: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails
On 05/24/2012 01:20 PM, Chris Cawley wrote:
I am looking for a step by step guide for the command line version of an SSL install.
I have some steps; however, I do not believe that they are correct.
There's http://port389.org/wiki/Howto:SSL
and
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html
- Chris
From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Wednesday, May 23, 2012 3:06 PM
To: General discussion list for the 389 Directory server project.
Cc: Chris Cawley
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails
On 05/23/2012 12:59 PM, Chris Cawley wrote:
Hello,
I went through some of the docs/emails; however, it still seems like
The NSS is not working correctly.
Not sure what you mean.
On a separate, but related issue, it seems like you cannot use
the GUI to generate a key with 2048 bits.
Right. https://fedorahosted.org/389/ticket/362
In the meantime, use certutil to generate the CSR.
To get a real CA, some
vendors ask for this.
- Thanks
- Chris
Chris Cawley
System Administrator
Washington Research Library Consortium
301-390-2049
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users