Linux Archive - Upgrade to fedora 16 with real CA fails

Linux Archive

Linux Archive (http://www.linux-archive.org/)

- Fedora Directory (http://www.linux-archive.org/fedora-directory/)

- - Upgrade to fedora 16 with real CA fails (http://www.linux-archive.org/fedora-directory/670197-upgrade-fedora-16-real-ca-fails.html)

Chris Cawley

05-23-2012 06:59 PM

Upgrade to fedora 16 with real CA fails

Hello,
*
*
*** I went through some of the docs/emails; however, it still seems like
*** The NSS is not working correctly.
*** On a separate, but related issue, it seems like you cannot use
*** the GUI to generate a key with 2048 bits.* To get a real CA, some
*** vendors ask for this.
******* -********* Thanks
******* -********* Chris
*
Chris Cawley
System Administrator
Washington Research Library Consortium
301-390-2049
cawley@wrlc.org
*
*
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson

05-23-2012 07:05 PM

Upgrade to fedora 16 with real CA fails

On 05/23/2012 12:59 PM, Chris Cawley wrote:

Hello,

*

*

*** I went through some of the
docs/emails; however, it still seems like

*** The NSS is not working correctly.

Not sure what you mean.

*** On a separate, but related issue, it
seems like you cannot use

*** the GUI to generate a key with 2048
bits.

Right.* https://fedorahosted.org/389/ticket/362

In the meantime, use certutil to generate the CSR.

To get a real CA, some

*** vendors ask for this.

******* -********* Thanks

******* -********* Chris

*

Chris Cawley

System Administrator

Washington Research Library Consortium

301-390-2049

cawley@wrlc.org

*

*

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Chris Cawley

05-24-2012 07:20 PM

Upgrade to fedora 16 with real CA fails

I am looking for a step by step guide for the command line version of an SSL install.
*
I have some steps; however, I do not believe that they are correct.
*
-********* Chris
*
From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Wednesday, May 23, 2012 3:06 PM
To: General discussion list for the 389 Directory server project.
Cc: Chris Cawley
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails
*
On 05/23/2012 12:59 PM, Chris Cawley wrote:
Hello,
*
*
*** I went through some of the docs/emails; however, it still seems like
*** The NSS is not working correctly.

Not sure what you mean.

*** On a separate, but related issue, it seems like you cannot use
*** the GUI to generate a key with 2048 bits.

Right.* https://fedorahosted.org/389/ticket/362

In the meantime, use certutil to generate the CSR.

To get a real CA, some
*** vendors ask for this.
******* -********* Thanks
******* -********* Chris
*
Chris Cawley
System Administrator
Washington Research Library Consortium
301-390-2049
cawley@wrlc.org
*
*

--389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users*
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson

05-24-2012 07:49 PM

Upgrade to fedora 16 with real CA fails

On 05/24/2012 01:20 PM, Chris Cawley wrote:

I am looking
for a step by step guide for the command line version of an
SSL install.

*

I
have some steps; however, I do not believe that they are
correct.

There's http://port389.org/wiki/Howto:SSL

and

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html

*

-*********
Chris

*

From:
Rich Megginson [mailto:rmeggins@redhat.com]

Sent: Wednesday, May 23, 2012 3:06 PM

To: General discussion list for the 389 Directory
server project.

Cc: Chris Cawley

Subject: Re: [389-users] Upgrade to fedora 16
with real CA fails

*

On 05/23/2012 12:59 PM, Chris Cawley wrote:

Hello,

*

*

*** I went through some of the
docs/emails; however, it still seems like

*** The NSS is not working correctly.

Not sure what you mean.

*** On a separate, but related issue, it
seems like you cannot use

*** the GUI to generate a key with 2048
bits.

Right.* https://fedorahosted.org/389/ticket/362

In the meantime, use certutil to generate the CSR.

To get a real CA, some

*** vendors ask for this.

******* -********* Thanks

******* -********* Chris

*

Chris Cawley

System Administrator

Washington Research Library Consortium

301-390-2049

cawley@wrlc.org

*

*

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
*

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Chris Cawley

05-28-2012 05:11 PM

Upgrade to fedora 16 with real CA fails

Thanks, I am up to setting up the cert.
I was missing a critical step (or two).
*
rpm -e 389-adminutil-devel 389-ds-base-devel
rpm -e --nodeps 389-ds-console 389-admin-console 389-ds 389-dsgw
rpm -e --nodeps 389-admin 389-adminutil 389-ds-base-libs 389-ds-base
/bin/rm -rf /etc/dirsrv /var/lib/dirsrv /usr/lib64/dirsrv
/var/lock/dirsrv /var/run/dirsrv /usr/share/dirsrv /usr/lib/dirsrv
/var/log/dirsrv
*
yum install 389-admin 389-adminutil 389-adminutil-devel
389-ds-base 389-ds-base-devel 389-ds-base-libs 389-ds
/usr/sbin/setup-ds-admin.pl -d
-> Option 2 Typical
*
### GO INTO GUI
### Server -> Tasks -> Manager Certificates
### AND SETUP INTERNAL TOKEN, etc.
### GUI DOES NOT SUPPORT2048 CERT
*
cd /etc/dirsrv/slapd-ldap
certutil -R -d . -s "cn=ldap.wrlc.org"
-g 2048 -a /var/tmp/ldap.cert.csr
-p "301-390-3050"
*
-********* Still working on the rest.
-********* Thanks
-********* Chris
From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Thursday, May 24, 2012 3:50 PM
To: Chris Cawley
Cc: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails
*
On 05/24/2012 01:20 PM, Chris Cawley wrote:
I am looking for a step by step guide for the command line version of an SSL install.
*
I have some steps; however, I do not believe that they are correct.

There's http://port389.org/wiki/Howto:SSL
and
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/SecureConnections.html

*
-********* Chris
*
From: Rich Megginson [mailto:rmeggins@redhat.com]
Sent: Wednesday, May 23, 2012 3:06 PM
To: General discussion list for the 389 Directory server project.
Cc: Chris Cawley
Subject: Re: [389-users] Upgrade to fedora 16 with real CA fails
*
On 05/23/2012 12:59 PM, Chris Cawley wrote:
Hello,
*
*
*** I went through some of the docs/emails; however, it still seems like
*** The NSS is not working correctly.

Not sure what you mean.

*** On a separate, but related issue, it seems like you cannot use
*** the GUI to generate a key with 2048 bits.

Right.* https://fedorahosted.org/389/ticket/362

In the meantime, use certutil to generate the CSR.

To get a real CA, some
*** vendors ask for this.
******* -********* Thanks
******* -********* Chris
*
Chris Cawley
System Administrator
Washington Research Library Consortium
301-390-2049
cawley@wrlc.org
*
*

--389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users*
*
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

All times are GMT. The time now is 08:24 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.