On Mon, 2005-11-14 at 17:15 -0800, Daniel B. Thurman wrote:
> >From: fedora-list-bounces@xxxxxxxxxx
> >[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
> >Sent: Monday, November 14, 2005 5:10 PM
> >To: For users of Fedora Core releases
> >Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
> >
> >
> >On Mon, 2005-11-14 at 16:42 -0800, Daniel B. Thurman wrote:
> >
> >> See: if LANG=C klist -k "$KRB5_KTNAME" | tail -n 4 | awk
> >'{print $2}' |
> >> ===============^^^^^
> >> s/b ===========$klist
> >----
> >your previous email referenced the missing '$' on the word kinit not
> >klist which was significant since kinit doesn't exist in the file but
> >klist clearly does in a number of places. I understand how you
> >transposed it though - going buggy after typing it a number of times it
> >probably just flowed naturally through your fingers.
> >
> >Craig
> >
> >
>
> Yea... sorry... I was trying to solve my problem with ldap
> and it was getting a bit frustrating - so I lost it somewhere
> when my fingers started running away from me :-)
>
> Your certificate creation method did not work. I saw that I
> had to change the openssl.cnf path and I did get the two
> files: ldap.csr and ldap.key but missing is ca.certs and
> ca.key.
-----
sorry, perhaps I missed it... here is my entire script...
(watch for line wrap because of email line limits)

# cat /root/scripts/make.certs
#!/bin/sh
cd /usr/share/ssl/certs
mkdir /etc/ssl
openssl genrsa -des3 -out ca.key 2048
openssl genrsa -des3 -out server.key 1024
#### generate web server certificate ####
openssl rsa -in server.key -out server.key.unsecure
openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
    -key server.key.unsecure -out server.crt
rm -fr /etc/httpd/conf/ssl.crt/server.crt
cp server.crt /etc/httpd/conf/ssl.crt/
rm -fr /etc/httpd/conf/ssl.key/server.key
cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key
#### generate cyrus certificate ####
openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -nodes \
    -out /etc/ssl/cyrus-global.pem -keyout /etc/ssl/cyrus-global.pem -days 3650
openssl gendh 512 >> /etc/ssl/cyrus-global.pem
#### generate openldap certificate ####
openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
    -key ca.key -out ca.cert
openssl genrsa -out ldap.key 1024
openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key -out ldap.csr
openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert -CAkey ca.key \
    -CAcreateserial -days 3650
cp ca.cert /etc/ssl
cp ca.key /etc/ssl
cp ldap.key /etc/ssl
cp ldap.csr /etc/ssl

Craig
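
An added example, not part of Craig's post or script: a check that the openldap section produced ca.cert, ldap.cert and ldap.key, that ldap.cert was signed by ca.cert, and that ldap.key belongs to ldap.cert. The function names check_ldap_certs and make_sample_certs are hypothetical; the sample generator is constructed test input that uses unencrypted 2048-bit keys and made-up subject names so it runs without prompts.

```shell
#!/bin/sh
# Added example, not part of the original post.

# make_sample_certs DIR: constructed test input. Follows the openldap steps
# of the script above, but non-interactive: unencrypted 2048-bit keys and
# made-up subject names instead of -des3 and the openssl.cnf prompts.
make_sample_certs() {
    (
        cd "$1" || exit 1
        openssl genrsa -out ca.key 2048 2>/dev/null
        openssl req -new -x509 -days 30 -key ca.key \
            -subj "/CN=Example Test CA" -out ca.cert
        openssl genrsa -out ldap.key 2048 2>/dev/null
        openssl req -new -key ldap.key -subj "/CN=ldap.example.test" \
            -out ldap.csr
        openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \
            -CAkey ca.key -CAcreateserial -days 30 2>/dev/null
    )
}

# check_ldap_certs DIR: returns 0 if all checks pass, otherwise
#   2 = a file is missing or empty, 3 = ldap.cert not signed by ca.cert,
#   4 = ldap.key is not the private key for ldap.cert.
check_ldap_certs() {
    dir=$1
    for f in ca.cert ldap.cert ldap.key; do
        [ -s "$dir/$f" ] || { echo "missing: $dir/$f" >&2; return 2; }
    done
    # Chain check: match the "OK" line rather than trusting the exit code,
    # which older openssl releases do not set reliably.
    openssl verify -CAfile "$dir/ca.cert" "$dir/ldap.cert" 2>/dev/null \
        | grep -q ': OK$' \
        || { echo "ldap.cert does not verify against ca.cert" >&2; return 3; }
    # Key match: the public key derived from ldap.key must equal the one
    # embedded in ldap.cert.
    key_pub=$(openssl pkey -in "$dir/ldap.key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$dir/ldap.cert" -noout -pubkey 2>/dev/null)
    { [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; } \
        || { echo "ldap.key does not match ldap.cert" >&2; return 4; }
    return 0
}

# When given a directory argument, check it directly.
if [ -n "${1:-}" ]; then check_ldap_certs "$1"; fi
```

Run against the working directory the certificate script used, a return code of 2 names the first missing file.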