Linux Archive


solarflow99 06-03-2011 07:38 PM

configuring SSL for windows replication
 
For self-signed certs, as I understand it, the 389 supplier that has the CA must create a server cert for the Windows host? How can this cert be exported/imported since Windows doesn't use pk12util? Has anyone set this up, and can say the steps on Windows 2008? I see there are many options for installing IIS and Microsoft CA.


Thanks,

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 06-03-2011 08:00 PM

configuring SSL for windows replication
 
On 06/03/2011 01:38 PM, solarflow99 wrote:
> For self signed certs, as I understand it, the 389
> supplier that has the CA must create a server cert for the windows
> host? How can this cert be exported/imported since windows
> doesn't use pk12util? Has anyone set this up, and can say the
> steps on windows 2008? I see there are many options for
> installing IIS and Microsoft CA.


That's the easiest way to generate an SSL server cert for MS AD -
Install MS CA as an Enterprise Root CA - it will automatically issue
the AD server cert.



Otherwise, look here
http://directory.fedoraproject.org/wiki/Howto:WindowsSync - you can
use mmc with the Certificates snap-in to import/export certs and
pkcs12 files.





David Baird 06-08-2011 09:45 PM

configuring SSL for windows replication
 
On 4/06/2011 8:00 a.m., Rich Megginson wrote:
> On 06/03/2011 01:38 PM, solarflow99 wrote:
>> For self signed certs, as I understand it, the 389 supplier that has the CA
>> must create a server cert for the windows host? How can this cert be
>> exported/imported since windows doesn't use pk12util? Has anyone set this up,
>> and can say the steps on windows 2008? I see there are many options for
>> installing IIS and Microsoft CA.
> That's the easiest way to generate an SSL server cert for MS AD - Install MS CA
> as an Enterprise Root CA - it will automatically issue the AD server cert.
>
> Otherwise, look here http://directory.fedoraproject.org/wiki/Howto:WindowsSync -
> you can use mmc with the Certificates snap-in to import/export certs and pkcs12
> files.

The procedure to generate the certificate request is outlined here
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051 which is
referenced from the howto Rich mentions.

Here's something that may catch you out. When you use certreq on the Windows
server to generate a certificate request, it generates a corresponding key for
that request (storing it in the Documents and Settings hierarchy). If, for any
reason, you need to generate another certificate, do NOT re-use the request file
(the .req file) you already have; you have to generate a new request.

If, and only if, your Windows domain is running at 2008 Functional level, the
best place to put the CA certificate is in the NTDS service's certificate store
(as outlined at the bottom of the Knowledge Base article above). Otherwise,
import it into the local computer account's personal store.

David.
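The certreq request/accept cycle discussed in the thread, as an added example that is not part of any poster's message: a PowerShell script that writes a fresh request (and therefore a fresh key) on every run instead of reusing an old .req file, then confirms the installed certificate is paired with its private key. The host name, working directory, key length and `Exportable` setting are assumptions; signing the request with the CA happens between the two functions and is not shown.

```powershell
# Added example. Host name, paths, key length and Exportable are assumptions.
$fqdn    = 'dc01.example.com'    # placeholder: FQDN of the AD server
$workDir = 'C:\certwork'         # placeholder working directory
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$inf     = Join-Path $workDir "request-$stamp.inf"
$req     = Join-Path $workDir "request-$stamp.req"

function New-ServerCertRequest {
    # certreq -new creates a new private key for each request it writes,
    # so every certificate needs its own freshly generated .req file.
    New-Item -ItemType Directory -Path $workDir -Force | Out-Null
    @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path $inf -Encoding ASCII
    certreq -new $inf $req
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }
    return $req
}

function Install-SignedCert([string]$cerPath) {
    # certreq -accept binds the issued certificate to the pending key.
    certreq -accept $cerPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$fqdn" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate for CN=$fqdn in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) has no private key; generate a new request"
    }
    return $cert
}
```

Run `New-ServerCertRequest` from an elevated prompt, have the CA sign the resulting .req, then pass the issued certificate file to `Install-SignedCert`.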

