>From: fedora-list-bounces@xxxxxxxxxx
>[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
>Sent: Monday, November 14, 2005 5:52 PM
>To: For users of Fedora Core releases
>Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
>
>
>On Mon, 2005-11-14 at 17:15 -0800, Daniel B. Thurman wrote:
>> >From: fedora-list-bounces@xxxxxxxxxx
>> >[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
>> >Sent: Monday, November 14, 2005 5:10 PM
>> >To: For users of Fedora Core releases
>> >Subject: RE: LDAP SSL Problems (was: service script
>(/etc/init.d/ldap))
>> >
>> > ... snip
>here is my entire script... (watch for line wrap because of email line
>limits)
>
># cat /root/scripts/make.certs
>#!/bin/sh
>
>cd /usr/share/ssl/certs
>mkdir /etc/ssl
>
>openssl genrsa -des3 -out ca.key 2048
>openssl genrsa -des3 -out server.key 1024
>
>#### generate web server certificate ####
>openssl rsa -in server.key -out server.key.unsecure
>openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 -
>key server.key.unsecure -out server.crt
>rm -fr /etc/httpd/conf/ssl.crt/server.crt
>cp server.crt /etc/httpd/conf/ssl.crt/
>rm -fr /etc/httpd/conf/ssl.key/server.key
>cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key
>
>#### generate cyrus certificate ####
>openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -nodes -
>out /etc/ssl/cyrus-global.pem -keyout /etc/ssl/cyrus-global.pem -days
>3650
>openssl gendh 512 >> /etc/ssl/cyrus-global.pem
>
>#### generate openldap certificate ####
>openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 -
>key ca.key -out ca.cert
>openssl genrsa -out ldap.key 1024
>openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key -out
>ldap.csr
>openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert -CAkey ca.key
>-CAcreateserial -days 3650

I am a little confused with the last openssl command above.
I note that ldap.cert is generated but is not copied to the /etc/ssl, so does ldap need this file? Also, does ldap need the ca.key or does it use its own ldap.key file?

>cp ca.cert /etc/ssl
>cp ca.key /etc/ssl
>cp ldap.key /etc/ssl
>cp ldap.csr /etc/ssl
>
>Craig
>

Thanks for sharing the script.

Dan
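
To show how the files from the openldap section of the quoted script relate to each other, the following added example (not part of the original thread) rebuilds that section in a temporary directory and checks which private key pairs with ldap.cert and which certificate signed it. The subject names, the unencrypted 2048-bit keys, the 30-day validity and the function names are assumptions chosen for a throwaway demo.

```shell
#!/bin/sh
# Added example: throwaway keys and constructed subject names, written to a temp dir.

# Rebuild the "openldap certificate" steps: CA key + self-signed CA cert,
# server key, CSR, and a server cert signed with the CA key.
make_demo_pki() {
    dir=$1
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 30 -key "$dir/ca.key" \
        -subj "/CN=Demo CA" -out "$dir/ca.cert"
    openssl genrsa -out "$dir/ldap.key" 2048 2>/dev/null
    openssl req -new -key "$dir/ldap.key" \
        -subj "/CN=ldap.example.test" -out "$dir/ldap.csr"
    openssl x509 -req -in "$dir/ldap.csr" -out "$dir/ldap.cert" \
        -CA "$dir/ca.cert" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 30 >/dev/null 2>&1
}

# Digest of the public key embedded in a certificate.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

# Digest of the public key derived from a private key.
key_pubkey_hash() { openssl pkey -in "$1" -pubout | openssl sha256; }

# Succeeds when certificate $1 carries the public half of private key $2.
cert_matches_key() {
    [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Succeeds when certificate $1 chains to CA certificate $2.
cert_signed_by() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

d=$(mktemp -d) && make_demo_pki "$d"
cert_matches_key "$d/ldap.cert" "$d/ldap.key" && echo "ldap.cert pairs with ldap.key"
cert_matches_key "$d/ldap.cert" "$d/ca.key"   || echo "ldap.cert does not pair with ca.key"
cert_signed_by   "$d/ldap.cert" "$d/ca.cert"  && echo "ldap.cert was signed by the CA"
rm -rf "$d"
```

The CA key is used only in the signing step; a TLS server presents ldap.cert together with ldap.key, and clients validate it against ca.cert.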