[Fedora-directory-users] SSL cert problem v1.0.4
Rich Megginson
rmeggins at redhat.com
Wed Dec 17 20:21:20 UTC 2008
Scott Lacy wrote:
>
> I have a server which has an old and renewed SSL cert on it, but the
> server will not start due to the old cert still being on it. I have
> not had any success deleting the old cert or setting the server to
> start with the new one (if that is configurable). I’ve gone through
> the documentation with no success. I guess what I need is a
> quick-and-dirty lesson on how to locate the old cert and delete it.
>
Use the certutil command
http://directory.fedoraproject.org/wiki/Howto:SSL has some examples
cd /opt/fedora-ds/alias
../shared/bin/certutil -L -d . -P slapd-yourinstancename-
Use certutil -H for help
certutil -D will delete a cert
I would strongly encourage you to make a backup of your expired cert and
key first:
cd /opt/fedora-ds/alias
../shared/bin/pk12util -d . -P slapd-yourinstancename- -o saved.p12 -n
"old cert name" ...
Use pk12util -H for help
>
> Thanks in advance from a sheepish SA…
>
> ----------------------
>
> Scott Lacy
>
> Unix Systems Manager, Systems and Networks
>
> Mercer University
>
> 478 301 5509
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20081217/aeb4763f/attachment.bin>
More information about the Fedora-directory-users
mailing list