RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))

On Tue, 2005-11-15 at 09:57 -0800, Daniel B. Thurman wrote:
> >From: fedora-list-bounces@xxxxxxxxxx
> >[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
> >Sent: Monday, November 14, 2005 5:52 PM
> >To: For users of Fedora Core releases
> >Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
> >
> >
> >On Mon, 2005-11-14 at 17:15 -0800, Daniel B. Thurman wrote:
> >> >From: fedora-list-bounces@xxxxxxxxxx
> >> >[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Craig White
> >> >Sent: Monday, November 14, 2005 5:10 PM
> >> >To: For users of Fedora Core releases
> >> >Subject: RE: LDAP SSL Problems (was: service script (/etc/init.d/ldap))
> >> >
> >> >
> 
> ... snip
> 
> >here is my entire script... (watch for line wrap because of email line
> >limits)
> >
> ># cat /root/scripts/make.certs
> >#!/bin/sh
> >
> >cd /usr/share/ssl/certs
> >mkdir /etc/ssl
> >
> >openssl genrsa -des3 -out ca.key 2048
> >openssl genrsa -des3 -out server.key 1024
> >
> >#### generate web server certificate ####
> >openssl rsa -in server.key -out server.key.unsecure
> >openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
> >    -key server.key.unsecure -out server.crt
> >rm -fr /etc/httpd/conf/ssl.crt/server.crt
> >cp server.crt /etc/httpd/conf/ssl.crt/
> >rm -fr /etc/httpd/conf/ssl.key/server.key
> >cp server.key.unsecure /etc/httpd/conf/ssl.key/server.key
> >
> >#### generate cyrus certificate ####
> >openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -nodes \
> >    -out /etc/ssl/cyrus-global.pem -keyout /etc/ssl/cyrus-global.pem -days 3650
> >openssl gendh 512 >> /etc/ssl/cyrus-global.pem
> >
> >#### generate openldap certificate ####
> >openssl req -config /usr/share/ssl/openssl.cnf -new -x509 -days 3650 \
> >    -key ca.key -out ca.cert
> >openssl genrsa -out ldap.key 1024
> >openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key -out ldap.csr
> >openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert -CAkey ca.key \
> >    -CAcreateserial -days 3650
> 
> I am a little confused with the last openssl command above.
> 
> I note that ldap.cert is generated but is not copied to the
> /etc/ssl so does ldap need this file?
> 
> Also, does ldap need the ca.key or does it use its own ldap.key
> file?
> 
> >cp ca.cert /etc/ssl
> >cp ca.key /etc/ssl
> >cp ldap.key /etc/ssl
> >cp ldap.csr /etc/ssl
> >
> >Craig
> >
> 
> Thanks for sharing the script.
> 
----
slapd.conf

#TLSCipherSuite           HIGH:MEDIUM:+SSLv2
#TLSCertificateFile     /etc/openldap/ldap.cert
#TLSCertificateKeyFile  /etc/openldap/ldap.key
#TLSCACertificateFile   /etc/openldap/ca.crt

ca = certificate authority

Craig
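The script quoted above generates the CA and server files and the slapd.conf fragment names them, but nothing in the thread checks that ldap.cert actually chains to ca.cert, and the question of which of those files slapd needs is left to the reader. The following is an added example for this page, not Craig's script and not anything shipped by OpenLDAP or Fedora: it builds the same CA / server-certificate pair in a scratch directory, marks the CA certificate as a CA and puts the hostname in subjectAltName (which the original openssl.cnf-driven commands leave to the distribution's config), verifies the chain with openssl verify the way an LDAP client would, and prints the slapd.conf directives that correspond to the files. The hostname ldap.example.com, the CA name and the scratch directory are assumptions; openssl(1) must be on PATH.

```shell
#!/bin/sh
# Added example, not the script from the thread: build a private CA, issue a
# CA-signed certificate for slapd, and check the result before touching
# slapd.conf. Assumed for the example: openssl(1) on PATH, the made-up
# hostname ldap.example.com, and a scratch directory instead of /etc/ssl.
set -eu

# make_ldap_certs DIR HOST
# Writes ca.key, ca.cert, ldap.key, ldap.csr and ldap.cert into DIR.
make_ldap_certs() {
    dir=$1
    host=$2
    mkdir -p "$dir"
    old_umask=$(umask)
    umask 077    # private keys are created 0600; certs are chmod'ed back below

    # Minimal config so the CA cert really is marked as a CA (basicConstraints)
    # and the server cert carries the hostname in subjectAltName.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_ldap]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, keyEncipherment
extendedKeyUsage       = serverAuth
subjectAltName         = DNS:$host
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
EOF

    # 1. CA key and self-signed CA certificate. ca.key never leaves this box
    #    and slapd does not need it; only ca.cert is handed out.
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -config "$dir/openssl.cnf" -new -x509 -days 3650 \
        -key "$dir/ca.key" -out "$dir/ca.cert"

    # 2. Server key without a passphrase: slapd starts unattended and cannot
    #    type one (this is what -nodes / server.key.unsecure achieve above).
    openssl genrsa -out "$dir/ldap.key" 2048 2>/dev/null

    # 3. CSR for the server, subject CN = hostname.
    openssl req -config "$dir/openssl.cnf" -new -key "$dir/ldap.key" \
        -subj "/CN=$host" -out "$dir/ldap.csr"

    # 4. Sign the CSR with the CA; the v3_ldap section adds SAN and EKU.
    openssl x509 -req -in "$dir/ldap.csr" -CA "$dir/ca.cert" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 825 -extfile "$dir/openssl.cnf" -extensions v3_ldap \
        -out "$dir/ldap.cert" 2>/dev/null

    chmod 644 "$dir/ca.cert" "$dir/ldap.cert"   # public material
    umask "$old_umask"
}

# verify_chain CAFILE CERT HOST
# Exit 0 only if CERT was issued by CAFILE and is valid for HOST: the same
# check a client does with TLS_CACERT (ldap.conf) or TLSCACertificateFile.
verify_chain() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# slapd_tls_stanza DIR
# The three slapd.conf directives that correspond to the files in DIR.
slapd_tls_stanza() {
    printf 'TLSCertificateFile    %s/ldap.cert\n' "$1"
    printf 'TLSCertificateKeyFile %s/ldap.key\n' "$1"
    printf 'TLSCACertificateFile  %s/ca.cert\n' "$1"
}

# Demo run in a scratch directory.
demo=$(mktemp -d)
make_ldap_certs "$demo" ldap.example.com
verify_chain "$demo/ca.cert" "$demo/ldap.cert" ldap.example.com && echo "chain OK"
slapd_tls_stanza "$demo"
rm -rf "$demo"
```

Of the files the quoted script copies into /etc/ssl, slapd reads only three: ldap.cert (TLSCertificateFile), ldap.key (TLSCertificateKeyFile) and ca.cert (TLSCACertificateFile). The CSR is a one-off input to the signing step, and ca.key is needed only to sign further requests; keeping it next to the server key gives anyone who reads the slapd key directory the ability to mint certificates for any name the clients trust. Clients need ca.cert (TLS_CACERT in ldap.conf) and nothing else. If verify_chain fails with a hostname error, the certificate's CN/SAN does not match what clients will connect to, which shows up on the client side as an opaque TLS handshake failure.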

