Certificate: Difference between revisions

From DISI
Jump to navigation Jump to search
(Created page based on "How I got the certificates signed" from Lab Manual)
 
No edit summary
 
Line 13: Line 13:
  service dirsrv restart
  service dirsrv restart
  service dirsrv-admin restart
  service dirsrv-admin restart
[[Category:Sysadmin]]

Latest revision as of 18:42, 30 June 2016

On suspects:

openssl x509 -x509toreq -in /etc/pki/tls/certs/suspects.pem -out ~/req.csr -signkey /etc/pki/tls/private/suspects_key.pem

scp the ~/req.csr to spinaltap, to the directory: /etc/pki/tls/newcerts/

On spinaltap:

certtool --generate-certificate --template /etc/pki/CA/tpl/suspects.tpl --load-privkey /etc/pki/CA/newcerts/suspects_key.pem --load-ca-certificate /etc/pki/CA/certs/ca.pem --load-ca-privkey /etc/pki/CA/private/ca_key.pem --outfile /etc/pki/CA/newcerts/suspects.pem
scp /etc/pki/CA/newcerts/suspects.pem suspects:/etc/pki/tls/certs/

On suspects:

openssl pkcs12 -export -out /etc/pki/ds/suspects.p12 -inkey /etc/pki/tls/private/suspects_key.pem -in /etc/pki/tls/certs/suspects.pem -certfile /etc/pki/CA/cacert.pem
pk12util -i /etc/pki/ds/suspects.p12 -d /etc/dirsrv/slapd-suspects/
service dirsrv restart
service dirsrv-admin restart