> I'm no expert but it looks to me like it is expecting a certificate, not
> a PKCS#12 file. The man page isn't exactly clear on what types are
> acceptable but based on the certutil error it looks like it only accepts
> PEM files. It isn't at all clear to me how one passes in the private key
> or a chain of trust.
this
https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl-archive.html#importing-an-existing-self-sign-keycert-or-3rd-party-cacert
flops back-n-forth 'tween 'pk12util' & 'certutil usage, and manages to
completely avoid any mention of dsconf (which appears to use certutil), so ...
... i'll join the confusion!
that said, it _seems_ clear that the .p12 _is_ needed, since there's no other
key input mechanism.
it'd certainly be easier it dsconf simply allowed spec'n of
ca_cert
cert
key
in pem formats without the p12 'hoops' ...
_______________________________________________
389-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
