[Fedora-directory-users] SSL directory server gateway

Jason Russler jrussler at helix.nih.gov
Mon Apr 24 14:50:55 UTC 2006


Ok, I figured this out.  The setupssl.sh script correctly names the cert 
and key databases for the administrator server based on the identifier you 
give the directory server on setup.  The default administrator server 
configuration, on the other hand, creates and uses databases named after 
the system's host name.  This problem was corrected by setting the 
correct database file names in 
/opt/fedora-ds/admin-serv/config/adm.conf.  Or alternatively, simply 
copy the database files created by the script to the filenames that the 
administrator wants to use.

The setupssl script should probably be altered to set the correct 
database file names in the adm.conf file.

Thanks for the responses,
Jason


>> Hi all,
>> I'm pretty uncertain about the best way to go about configuring the 
>> admin server to use SSL (FDS1.0.2).  All of the docs I'm finding are 
>> pretty shaky.  Ultimately, I want users to manage their passwords and 
>> info via the web-based Directory Server Gateway over SSL.  This would 
>> appear to be the same thing as enabling SSL for the admin server.  
>> The setupssl.sh script provided by the SSL howto generates the 
>> keys/certs for the admin server and imports them into the appropriate 
>> cert db (I guess, I've performed the process by hand as well, based 
>> on RedHat's docs and the script itself).  This would imply to me that 
>> the admin console would find the generated certs and present them in 
>> the admin server's console (under the Configuration -> Encryption 
>> tab) in much the same way that it does in the directory server's 
>> console.  I can't tell if something that's supposed to work isn't or 
>> if I'm misunderstanding something.  I'd like to know before I try to 
>> generate new SSL certificates and import them.
> Yes, that's the way it is supposed to work.  I verified that it does 
> work on FC5 using FDS 1.0.2.
>



