James Roman wrote:
First off, thanks Rob for the direction on creating a certificate. After reading up on Mozilla's NSS, I think I've got a pretty fair grounding.


So I successfully generated a CSR and had it signed. I imported my certificate and CA chain into the NSS database and exported it to a PKCS12 cert. I am primarily concerned with using the public cert on the HTTP interface. However, when I go to import it using ipa-server-certificate, it chokes on the names in the CA certificate chain. (One of the certs uses full website address for the name.) I can manually import each of the certificates in the CA chain using certutil on the /etc/httpd/alias directory.

What do you mean by choke? Do you have a python backtrace or can you send me the ipaserver-install.log?

Will this work?
Are there any other configuration changes that I need to make the http interface function properly (like changes in the nss.conf)? What about manually modifying the directory server (/etc/dirsrv/slapd-KRBDOMAIN)?


What distro are you using?

rob

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to