These 2 links should help. 389 has its own cert management, so it is a bit different at first; you can probably use pk12util and certutil to do most of the cert handling.
http://directory.fedoraproject.org/wiki/FAQ#Can_389_use_OpenSSL_or_GnuTLS.3F
http://directory.fedoraproject.org/wiki/Howto:SSL

2011/10/11 Gerhardus Geldenhuis <[email protected]>

> Hi
>
> I am looking at doing certificate based authentication using 389. The
> company where I am working currently issues a certificate for every new
> starter and these certs are well managed with regards to sensible expiry
> dates etc. This cert is your key to the whole environment and a lot of the
> applications like jira/confluence authenticate you based on
> your certificate.
>
> I have read through the documentation:
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_SSL.html
>
> and it seems to suggest that it is necessary to convert the user
> certificate and upload it into 389 db. This seems a bit of a duplication. Is
> there any way to "talk" to the certificate provider to ascertain the validity
> or not of a certificate and obtain any other required information, rather
> than having a copy of the certificate in the database? The documentation
> also does not say whether this is the public or private part of
> the certificate that needs to be uploaded. I am assuming it is the public
> part.
>
> The second part of the question is how would this work with regards to ssh
> authentication. Somehow via pam and ssh the certificate must be passed on to
> 389 when the authentication happens. I am not sure this is currently
> possible with pam but would be interested in any suggestions to achieve
> something like this.
>
> Regards
>
> --
> Gerhardus Geldenhuis
>
> --
> 389 users mailing list
> [email protected]
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
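An added example, not part of the thread and not 389's own tooling: the "convert and upload" step discussed above stores the DER-encoded X.509 certificate, which is the public part, in the entry's `userCertificate;binary` attribute. The Python below converts a PEM export to DER, refuses input that contains a private key, and builds the LDIF modify record; the DN and the sample bytes are constructed placeholders.

```python
import base64
import re

# PEM armour of an X.509 certificate (public) and of any private key block.
_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    if _KEY_RE.search(pem_text):
        raise ValueError("private key present; export the certificate only")
    blocks = _CERT_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def fold(line, width=76):
    """Fold an LDIF line; continuation lines start with one space (RFC 2849)."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def cert_ldif(dn, pem_text):
    """Build an LDIF modify record adding the certificate to the entry dn."""
    b64 = base64.b64encode(pem_to_der(pem_text)).decode("ascii")
    return "\n".join([
        "dn: " + dn,
        "changetype: modify",
        "add: userCertificate;binary",
        fold("userCertificate;binary:: " + b64),
        "",
    ])


# Constructed sample: placeholder bytes in PEM armour, not a real certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")
SAMPLE_DN = "uid=jdoe,ou=People,dc=example,dc=com"  # hypothetical DN

if __name__ == "__main__":
    print(cert_ldif(SAMPLE_DN, SAMPLE_PEM))
```

The resulting record can be fed to an LDAP modify client; the PKCS#12 bundle and its private key stay with the user.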
