Now I can't find the old posting from 389-users from 2009, IIRC, where Rich said "Don't do that".
But I'm trying it command line now - thanks a bunch, Ryan - and we'll see. But as far as I can tell, the 389-console is only going to try and generate a 1024 bit key, and that's no longer acceptable to Verisign and others - we can't get a key with less than 2048 bits now. Is this configurable? It seems it should be? Thanks, Addison On Mon, 2012-05-07 at 12:26 -0600, Groten, Ryan wrote: > Never knew command line is frowned upon. I used command line to generate my > cert requests as well since the gui can't do things like SAN. Haven't had > any issues generating my certreqs that way. Once the certificate comes back > I use the gui to import. > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Addison > Laurent > Sent: Monday, May 07, 2012 12:13 PM > To: [email protected] > Subject: [389-users] How to change certificate options using 389-console ? > > I'm trying to add a new server, and will need to use SSL, of course. > But all the instructions tell how to generate a self-signed CA, but we've got > real signed certs on the other servers, and so I'm trying to generate a CSR > for the new one. > > > Generating one from the 389-console is only giving me a 1024-bit key, and > 2048 is required. > > > I see that running the cert request from the command line is not the > preferred option, but how else can I change the parameters for the cert > request? > > > Thanks, > Addison > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users > > This communication, including any attached documentation, is intended only > for the person or entity to which it is addressed, and may contain > confidential, personal and/or privileged information. Any unauthorized > disclosure, copying, or taking action on the contents is strictly prohibited. > If you have received this message in error, please contact us immediately so > we may correct our records. Please then delete or destroy the original > transmission and any subsequent reply. > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
