Chapter 11: Managing SSL and SASL
Step 5: Confirm That Your New Certificates Are Installed
1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
   The Manage Certificates window is displayed.
2. Select the Server Certs tab.
   A list of all the installed certificates for the server is displayed.
3. Scroll through the list. You should find the certificates you installed.
Your server is now ready for SSL activation.
Using certutil
The Directory Server has a command-line tool, certutil, which locally creates self-signed CA and client certificates, certificate databases, and keys. The default location for the Directory Server certutil tool is serverRoot/shared/bin/. certutil can also be downloaded from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/.
The following steps outline how to make the databases, key, CA certificate, and server/client certificate and convert the certificates into pkcs12 format.
1. Open the directory where the Directory Server certificate databases are stored.
    cd serverRoot/alias
2. Make a backup copy of all of the files in the directory as a precaution. If something goes awry while managing certificates, the databases can then be restored. For example:
    tar -cf /tmp/db-backup.tar *
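A hardened variant of the backup in step 2, as an added example that is not part of the Red Hat guide: the archive includes the key database, so it is written with owner-only permissions to a private directory rather than to /tmp, and checked against the directory contents. The function names backup_cert_db and restore_cert_db and all paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): back up a certificate database
# directory with owner-only permissions and verify the archive.
# backup_cert_db, restore_cert_db and their arguments are hypothetical.

# backup_cert_db ALIAS_DIR BACKUP_DIR  -> prints the archive path
backup_cert_db() {
    alias_dir=$1
    backup_dir=$2
    [ -d "$alias_dir" ] || { echo "no such directory: $alias_dir" >&2; return 1; }
    (
        umask 077    # backup directory and archive readable by owner only
        mkdir -p "$backup_dir" || exit 1
        archive="$backup_dir/db-backup-$(date +%Y%m%d%H%M%S).tar"

        # -C avoids relying on the current directory; "." also picks up
        # dot files that a bare * would skip.
        tar -cf "$archive" -C "$alias_dir" . || exit 1

        # Verify: every regular file in the directory is in the archive.
        listing=$(tar -tf "$archive") || exit 1
        ( cd "$alias_dir" && find . -type f ) | while IFS= read -r f; do
            printf '%s\n' "$listing" | grep -Fqx -- "$f" ||
                { echo "missing from archive: $f" >&2; exit 1; }
        done || exit 1

        printf '%s\n' "$archive"
    )
}

# restore_cert_db ARCHIVE ALIAS_DIR  -> unpacks the archive, keeping modes
restore_cert_db() {
    [ -f "$1" ] || { echo "no such archive: $1" >&2; return 1; }
    [ -d "$2" ] || { echo "no such directory: $2" >&2; return 1; }
    tar -xpf "$1" -C "$2"
}

# Usage (paths are placeholders; use absolute paths):
#   archive=$(backup_cert_db /path/to/serverRoot/alias /root/cert-backups)
#   restore_cert_db "$archive" /path/to/serverRoot/alias
```

Stop the server before restoring so the databases are not replaced while in use.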
NOTE
When you renew a certificate using the Certificate Wizard, the text
on the introduction screen (step 1) doesn't clearly indicate that the
process is renewal and not requesting a new certificate. Also, the
requestor information (step 2) doesn't get filled automatically.
Red Hat Directory Server Version 7.1 Administrator's Guide, May 2005, updated February 2009