[Fedora-directory-users] simple ssl replication
Rob Crittenden
rcritten at redhat.com
Wed Jan 18 21:40:07 UTC 2006
Richard Megginson wrote:
> Susan wrote:
>
>> --- Richard Megginson <rmeggins at redhat.com> wrote:
>> susan:
>>
>>
>>>> "CT,," -a -i cnjldap01.cert.asc certutil: could not obtain
>>>> certificate from file: You are attempting to import a cert with the
>>>> same issuer/serial as an existing cert, but that is not the same cert.
>>>>
>>>> What do you think? Both the supplier's and the consumer's CA certs
>>>> were created with identical
>>>> password/noise files. Is that a problem?
>>>>
>>>>
>>>>
>>>
>>> It seems that you already have the CA cert in the consumer cert db.
>>>
>>
>>
>>
>> well, I recreated the cert DB on the supplier and the consumer, using
>> different passwords and
>> noise files and it worked fine after that. I guess identical
>> passwords/noise produce identical
>> certs and that's not allowed.
>>
> No, that should be ok - are you sure you gave each cert a unique serial
> number?
Really all you need to do is generate a single CA certificate and use
that to sign both the supplier and consumer certificates. Each server
doesn't need its own CA.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060118/5d650d88/attachment.bin>
More information about the Fedora-directory-users
mailing list