Certificate

From DISI
Revision as of 18:41, 30 June 2016 by Benrwong (talk | contribs) (Created page based on "How I got the certificates signed" from Lab Manual)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

On suspects:

openssl x509 -x509toreq -in /etc/pki/tls/certs/suspects.pem -out ~/req.csr -signkey /etc/pki/tls/private/suspects_key.pem

scp the ~/req.csr to spinaltap, to the directory: /etc/pki/tls/newcerts/

On spinaltap:

certtool --generate-certificate --template /etc/pki/CA/tpl/suspects.tpl --load-privkey /etc/pki/CA/newcerts/suspects_key.pem --load-ca-certificate /etc/pki/CA/certs/ca.pem --load-ca-privkey /etc/pki/CA/private/ca_key.pem --outfile /etc/pki/CA/newcerts/suspects.pem
scp /etc/pki/CA/newcerts/suspects.pem suspects:/etc/pki/tls/certs/

On suspects:

openssl pkcs12 -export -out /etc/pki/ds/suspects.p12 -inkey /etc/pki/tls/private/suspects_key.pem -in /etc/pki/tls/certs/suspects.pem -certfile /etc/pki/CA/cacert.pem
pk12util -i /etc/pki/ds/suspects.p12 -d /etc/dirsrv/slapd-suspects/
service dirsrv restart
service dirsrv-admin restart