hi, some time ago I asked for a scriptable way of creating a certificate request, here's the thread:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org/thread/EHWWAHOO3S2HZEWJEXTQKDDRH33NLSMU/#HF7ZPVLMUK32AIEEWPEOLUJGZFXXRCEK I didn't have the time to write anything and I would like to invest some time now. the goal is to create an unattended script for node creation INCLUDING certification with an external CA. I'm thinking about having several precreated certificate databases and download them to nodes. something like: openssl rand -base64 16 > pwfile.txt && certutil -N -d . -f pwfile.txt in several nodes and then scp/wget them to each node. also, do all CSR beforehand and already signed with our CA so I will have a repo of cert databases like: nss/ca_root.crt nss/ldap10 nss/ldap10/cert9.db nss/ldap10/key4.db nss/ldap10/ldap10.example.com.crt nss/ldap10/pkcs11.txt nss/ldap10/pwfile.txt nss/ldap11 nss/ldap11/cert9.db nss/ldap11/key4.db nss/ldap11/ldap11.example.com.crt nss/ldap11/pkcs11.txt nss/ldap11/pwfile.txt nss/ldap12 nss/ldap12/cert9.db nss/ldap12/key4.db nss/ldap12/ldap12.example.com.crt nss/ldap12/pkcs11.txt nss/ldap12/pwfile.txt nss/ldap13 nss/ldap13/cert9.db nss/ldap13/key4.db nss/ldap13/ldap13.example.com.crt nss/ldap13/pkcs11.txt nss/ldap13/pwfile.txt nss/ldap14 nss/ldap14/cert9.db nss/ldap14/key4.db nss/ldap14/ldap14.example.com.crt nss/ldap14/pkcs11.txt nss/ldap14/pwfile.txt nss/ldap15 nss/ldap15/cert9.db nss/ldap15/key4.db nss/ldap15/ldap15.example.com.crt nss/ldap15/pkcs11.txt nss/ldap15/pwfile.txt this step is the only one remaining on my recipe of unattended container creation, so any help will be really appreciated. best regards, abosch -- Institut Mallorqui d'Afers Socials. Aquest missatge, i si escau, qualsevol fitxer annex, es dirigeix exclusivament a la persona que n'es destinataria i pot contenir informacio confidencial. En cap cas no heu de copiar aquest missatge ni lliurar-lo a terceres persones sense permis expres de l'IMAS. Si no sou la persona destinataria que s'hi indica (o la responsable de lliurar-l'hi) us demanam que ho notifiqueu immediatament a l'adreca electronica de la persona remitent. Abans d'imprimir aquest missatge, pensau si es realment necessari. _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
