Certificate

From DISI
Jump to navigation Jump to search

On suspects: 

openssl x509 -x509toreq -in /etc/pki/tls/certs/suspects.pem -out ~/req.csr -signkey /etc/pki/tls/private/suspects_key.pem

scp the ~/req.csr to spinaltap, to the directory: /etc/pki/tls/newcerts/

On spinaltap: 

certtool --generate-certificate --template /etc/pki/CA/tpl/suspects.tpl --load-privkey /etc/pki/CA/newcerts/suspects_key.pem --load-ca-certificate /etc/pki/CA/certs/ca.pem --load-ca-privkey /etc/pki/CA/private/ca_key.pem --outfile /etc/pki/CA/newcerts/suspects.pem
scp /etc/pki/CA/newcerts/suspects.pem suspects:/etc/pki/tls/certs/

On suspects: 

openssl pkcs12 -export -out /etc/pki/ds/suspects.p12 -inkey /etc/pki/tls/private/suspects_key.pem -in /etc/pki/tls/certs/suspects.pem -certfile /etc/pki/CA/cacert.pem
pk12util -i /etc/pki/ds/suspects.p12 -d /etc/dirsrv/slapd-suspects/
service dirsrv restart
service dirsrv-admin restart
Retrieved from "http://wiki.docking.org/index.php?title=Certificate&oldid=9475"