Van Remoortere, Arnaud via 389-users wrote: > Hi there, I'm using the self-signed CA with a server cert generated by > the installer and it's working, I'd just like to add another server cert > with a subject alt name for the same server. I generated the CSR ut > can't work out how to generate the certificate. > > > I had to convert the CSR to DER format and then this is the command I'm > trying: > > certutil -C -c "Self-Signed-CA" -i ./dirsrv_der.csr -o ./newcert.cer -m > 010 -v 24 -w 1 -d /etc/dirsrv/slapd-primary/ -1 > nonRepudiation,dataEncipherment -5 sslClient -6 clientAuth -7 > avanr...@me.com > > The output I get from the above command is: > > 0 - Digital Signature > 1 - Non-repudiation > 2 - Key encipherment > 3 - Data encipherment > 4 - Key agreement > 5 - Cert signing key > 6 - CRL signing key > Other to finish > > > > Nothing seems to do anything at this point, selecting any number here > and hitting return just pops that menu up again.
The option values are only used with the double-dashed option. Instead of -1 use --keyUsage, for example. rob -- _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
