Thanks, I am up to setting up the cert. I was missing a critical step (or two).
rpm -e 389-adminutil-devel 389-ds-base-devel rpm -e --nodeps 389-ds-console 389-admin-console 389-ds 389-dsgw rpm -e --nodeps 389-admin 389-adminutil 389-ds-base-libs 389-ds-base /bin/rm -rf /etc/dirsrv /var/lib/dirsrv /usr/lib64/dirsrv \ /var/lock/dirsrv /var/run/dirsrv /usr/share/dirsrv /usr/lib/dirsrv \ /var/log/dirsrv yum install 389-admin 389-adminutil 389-adminutil-devel \ 389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds /usr/sbin/setup-ds-admin.pl -d -> Option 2 Typical ### GO INTO GUI ### Server -> Tasks -> Manager Certificates ### AND SETUP INTERNAL TOKEN, etc. ### GUI DOES NOT SUPPORT2048 CERT cd /etc/dirsrv/slapd-ldap certutil -R -d . -s "cn=ldap.wrlc.org" \ -g 2048 -a /var/tmp/ldap.cert.csr \ -p "301-390-3050" - Still working on the rest. - Thanks - Chris From: Rich Megginson [mailto:[email protected]] Sent: Thursday, May 24, 2012 3:50 PM To: Chris Cawley Cc: General discussion list for the 389 Directory server project. Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails On 05/24/2012 01:20 PM, Chris Cawley wrote: I am looking for a step by step guide for the command line version of an SSL install. I have some steps; however, I do not believe that they are correct. There's http://port389.org/wiki/Howto:SSL and http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html - Chris From: Rich Megginson [mailto:[email protected]] Sent: Wednesday, May 23, 2012 3:06 PM To: General discussion list for the 389 Directory server project. Cc: Chris Cawley Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails On 05/23/2012 12:59 PM, Chris Cawley wrote: Hello, I went through some of the docs/emails; however, it still seems like The NSS is not working correctly. Not sure what you mean. On a separate, but related issue, it seems like you cannot use the GUI to generate a key with 2048 bits. Right. https://fedorahosted.org/389/ticket/362 In the meantime, use certutil to generate the CSR. To get a real CA, some vendors ask for this. - Thanks - Chris Chris Cawley System Administrator Washington Research Library Consortium 301-390-2049 [email protected]<mailto:[email protected]> -- 389 users mailing list [email protected]<mailto:[email protected]> https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
