Thanks. I've been using them for now, I was just hoping for an easier route.
Thanks for your help, Trevor On Wed, Feb 10, 2021, 7:53 PM William Brown <[email protected]> wrote: > Sadly not. We still need NSS as the main TLS lib for accepting incoming > connections, so we need them in the nssdb. > > There are a number of helpers in 'dsconf <instance> tls' to assist here > though and it can automaticaly do the conversions you need. > > > On 11 Feb 2021, at 10:48, Trevor Vaughan <[email protected]> wrote: > > > > Interesting! > > > > You may want to put that in the documentation. > > > > On a related note, is it possible to use PEM files directly instead of > messing about with conversions? > > > > Thanks, > > > > Trevor > > > > On Wed, Feb 10, 2021, 5:53 PM William Brown <[email protected]> wrote: > > > > > > > On 10 Feb 2021, at 23:17, Trevor Vaughan <[email protected]> > wrote: > > > > > > I noticed that the server was extracting the PEM files from the > keystore by default and was wondering if there was really any use for this > being on by default. > > > > > > The relevant setting is nsslapd-extract-pemfiles. > > > > Yep, it's needed. Internally we use some openldap client libraries for > outbound connections, and they only support openssl and PEM certificates. > So we need to extract these at start up and feed them to the library. > > > > > > > > > > Thanks, > > > > > > Trevor > > > > > > -- > > > Trevor Vaughan > > > Vice President, Onyx Point, Inc > > > (410) 541-6699 x788 > > > > > > -- This account not approved for unencrypted proprietary information -- > > > _______________________________________________ > > > 389-users mailing list -- [email protected] > > > To unsubscribe send an email to > [email protected] > > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > > > > — > > Sincerely, > > > > William Brown > > > > Senior Software Engineer, 389 Directory Server > > SUSE Labs, Australia > > _______________________________________________ > > 389-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > _______________________________________________ > > 389-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > > — > Sincerely, > > William Brown > > Senior Software Engineer, 389 Directory Server > SUSE Labs, Australia > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
