[Fedora-directory-users] Comments on the setupssl.sh enabling SSL script

Andy Schofield ajs at th.ph.bham.ac.uk
Fri Mar 30 15:51:28 UTC 2007


Well, I have succeeded in getting SSL going and the howto is very
helpful for this:
http://directory.fedora.redhat.com/wiki/Howto:SSL
and in particular the script: setupssl.sh
http://directory.fedora.redhat.com/download/setupssl.sh

In doing so I came across a number of gotchas which might help others.

(1) The script uses "ldapmodify" from the openldap-clients package and
not from the fedora-ds/shared/bin supplied one. The options are
different and ldapmodify needs to be in the path. I've no idea why.

(2) The script almost does everything for you. In particular you will
find in /opt/fedora-ds/alias
the cacert.asc file which you need to give to the clients. You do not
need to export it, which was just as well, as the command given in the
howto did not work for me.

(3) The default names of the certificates are not correct if you want
to ensure that the administrator console is encrypted too. You need to

cd /opt/fedora-ds/alias
cp admin-serv-serverID-cert8.db admin-serv-hostname-cert8.db
cp admin-serv-serverID-key3.db admin-serv-hostname-key3.db

where you replace serverID by your serverID name and hostname by the
first part of your hostname.

If I was confident that these points were not my mistakes, or were
peculiarities of my setup then I'd update the wiki. 
Andy
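
Added example, not part of the original message or of setupssl.sh: the copy step from point (3) wrapped in a shell function that checks both databases before touching either and keeps the key database's permissions. The function name, its arguments, and the refuse-to-overwrite behaviour are assumptions made for illustration.

```shell
# usage: copy_admin_certdb ALIAS_DIR SERVER_ID HOSTNAME   (hypothetical helper)
copy_admin_certdb() {
    alias_dir=$1
    server_id=$2
    # "first part of your hostname": drop everything from the first dot on
    short_host=${3%%.*}

    if [ -z "$alias_dir" ] || [ -z "$server_id" ] || [ -z "$short_host" ]; then
        echo "usage: copy_admin_certdb ALIAS_DIR SERVER_ID HOSTNAME" >&2
        return 2
    fi
    # Names already match: nothing to copy.
    if [ "$server_id" = "$short_host" ]; then
        return 0
    fi

    # Validate both files first, so a failure never leaves a cert database
    # copied without its matching key database.
    for db in cert8.db key3.db; do
        src="$alias_dir/admin-serv-$server_id-$db"
        dst="$alias_dir/admin-serv-$short_host-$db"
        if [ ! -f "$src" ]; then
            echo "missing source: $src" >&2
            return 1
        fi
        if [ -e "$dst" ] && ! cmp -s "$src" "$dst"; then
            echo "refusing to overwrite different file: $dst" >&2
            return 1
        fi
    done

    for db in cert8.db key3.db; do
        src="$alias_dir/admin-serv-$server_id-$db"
        dst="$alias_dir/admin-serv-$short_host-$db"
        # -p preserves the mode: key3.db holds the private key and must not
        # end up more widely readable than the original.
        cp -p "$src" "$dst" || return 1
    done
}
```

Called as, for instance, copy_admin_certdb /opt/fedora-ds/alias serverID "$(hostname)".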



