----- "Alberto GD" <[EMAIL PROTECTED]> wrote:
> I'm a newbie on the mailman list, so I don't know if I'm sending this email
> correctly.
>
> Thanks for your reply, and from what I've understood, I have to do the
> following:
> % cd /var/myca/
> % /usr/share/ssl/misc/CA.sh -newca
> This creates cacert.pem and private/cakey.pem (these files are common
> for all the servers and clients). In the field of Common Name I have to
> write the ldap master server host name (i.e. ldap.dominio.com ).
>
> Now, I make a signing request for master server, slave server
> (replica) and clients. I execute all these commands for each one,
> changing the Common Name for the specific host name (for master
> server: ldap.dominio.com , for slave server (replica):
> replica.ldap.dominio.com , for clients: pc1.dominio.com....).
> % openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
> % /usr/share/ssl/misc/CA.sh -sign
>
> Is all OK?
> Thank you very much, and if this is correct, you could add this to a
> FAQ of the openldap guide, because I haven't seen anything about slave
> servers.

http://www.openldap.org/faq/data/cache/185.html

Simply:

/usr/share/ssl/misc/CA.sh -newca
/usr/share/ssl/misc/CA.sh -newreq
/usr/share/ssl/misc/CA.sh -sign

then for all other servers/slaves, only do the last two of the above.

See that FAQ for more info.

-- 
Kind Regards,

Gavin Henry.
OpenLDAP Engineering Team.

E [EMAIL PROTECTED]

Community developed LDAP software.

http://www.openldap.org/project/
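
Added example, not part of either message: the same flow (one CA, then a request and a signature per host) written with plain `openssl` commands instead of `CA.sh` so it runs non-interactively, plus a check that a certificate chains to the CA and carries the expected Common Name. The function names, the CA name `Example LDAP CA`, the 2048-bit key size and the 365-day lifetime are assumptions; the host names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). CA name, key size, lifetime and
# function names are assumptions; host names reuse the thread's examples.
# Usage: issue_ldap_certs /var/myca ldap.dominio.com replica.ldap.dominio.com

# issue_ldap_certs DIR HOST...
# Creates a CA in DIR once, then one key + CSR + signed certificate per HOST.
issue_ldap_certs() {
    dir=$1; shift
    mkdir -p "$dir" || return 1

    # Step 1 (role of "CA.sh -newca"): CA key and self-signed CA certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null || return 1
    chmod 600 "$dir/cakey.pem"      # the CA key never leaves this machine

    for host in "$@"; do
        # Step 2 (role of "-newreq"): unencrypted key and CSR, CN = host name.
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
        chmod 600 "$dir/$host.key"  # slapd reads it without a passphrase

        # Step 3 (role of "-sign"): the CA signs the request.
        openssl x509 -req -in "$dir/$host.csr" -days 365 \
            -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
            -out "$dir/$host.crt" 2>/dev/null || return 1
    done
}

# check_ldap_cert CACERT CERT HOST
# Succeeds only if CERT verifies against CACERT and its subject CN is HOST.
check_ldap_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -subject -nameopt RFC2253 \
        | grep -q "CN=$3\$"
}
```

Only `cacert.pem` plus the host's own `.key` and `.crt` need to be copied to each machine; running `check_ldap_cert` on the target before restarting slapd catches a certificate issued for the wrong host name.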
