Hie On Mon, May 7, 2012 at 11:42 PM, Addison Laurent <[email protected]>wrote:
> I'm trying to add a new server, and will need to use SSL, of course. > But all the instructions tell how to generate a self-signed CA, but > we've got real signed certs on the other servers, and so I'm trying to > generate a CSR for the new one. > > > Generating one from the 389-console is only giving me a 1024-bit key, > and 2048 is required. > > > I see that running the cert request from the command line is not the > preferred option, but how else can I change the parameters for the cert > request? > > > In order to generate a 2048-bit ASCII certificate request, certain options must be specified as seen in the example below: # certutil -R -d /database/directory/ -s "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048 Where: -R - Specifies that a certificate request file be generated -d - Specifies the database directory -s - Specifies the subject -a - Specifies the use of ASCII format -g - Specifies the keysize After successful creation, the request can be sent to the certificate authority for signing. Arpit Tolani
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
