We have a CA using our corporate certificate which we want to sign our
certificates for the fedora-ds and clients.
I am trying to work out how to do this. The setupssl2 script works fine
in generating and installing a self-signed certifictae on the server(s)
but we now want to generate and sign using our CA.
Does anybody have a set of instructions that would cover this case?
In particular I would like to understand when the use of certutil is
mandatory and when it can be replaced with one or more openssl commands.
Eventually I would like to be able to configure the server using the
setup-ds-admin script with a certificate already pre-generated by
openssl quoted as the CACertificate parameter.
One complication to all of this is that we need to assign a number of
SubjectAltNames to the certificates so that a server may have multiple
identities!
Regards, Howard
--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
