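### create a CA
# Paths and sizes are parameters so the recipe can be reused for another CA.
ca_dir=/etc/ssl/fluxcoil.net.ca
ca_key_bits=2048     # RSA modulus size of the CA key
ca_days=3650         # validity of the self-signed CA certificate

# Edit the default OpenSSL config. Presumably [ CA_default ] dir must point at
# $ca_dir, because the `openssl ca` signing step later runs without
# -config/-name — confirm against your openssl.cnf.
vi /etc/ssl/openssl.cnf

# Restrictive umask *before* creating anything, so index.txt, serial and the
# private/ tree are never group/other readable (the original only set the
# umask after mkdir/touch/echo).
umask 077
mkdir -p "$ca_dir"/{certs,crl,newcerts,private}
chmod 700 "$ca_dir"
touch "$ca_dir/index.txt"      # empty certificate database for `openssl ca`
echo 01 >"$ca_dir/serial"      # next serial number to issue
cd "$ca_dir" || exit 1

# Passphrase-protected CA private key. -des3 is what the original used; newer
# OpenSSL also accepts -aes256 for this option. Every later `openssl ca` run
# will prompt for this passphrase.
openssl genrsa -out private/cakey.pem -des3 "$ca_key_bits"

# Self-signed CA certificate; cacert.pem is the file clients will be told to trust.
openssl req -new -x509 -key private/cakey.pem -days "$ca_days" -out cacert.pem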

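### create ldap-server cert, on ldapserver
ldap_dir=/opt/soft_openldap-2.3.35
ca_dir=/etc/ssl/fluxcoil.net.ca
key_bits=2048   # was 1024: RSA-1024 is below current minimum sizes; use >= 2048

cd "$ldap_dir" || exit 1
umask 077                                  # slapd.key must be created 0600
openssl genrsa -out slapd.key "$key_bits"

# Certificate request. The CN (or a subjectAltName, if your openssl.cnf adds
# one) must be the hostname clients use to reach this server, otherwise client
# side certificate verification fails.
openssl req -new -key slapd.key -out slapd.csr
# openssl req -in slapd.csr -noout -text   # see contents of request

# Sign the request with the CA created above. Only the CSR is handed to the CA;
# slapd.key never leaves $ldap_dir. The original copies with cp, so CA and LDAP
# server are presumably the same host — if not, move slapd.csr/slapd.crt with
# scp instead.
cp slapd.csr "$ca_dir/"
cd "$ca_dir" || exit 1
openssl ca -in slapd.csr -out slapd.crt    # prompts for the CA key passphrase
cp slapd.crt cacert.pem "$ldap_dir"
cd "$ldap_dir" || exit 1

# Sanity check before slapd is pointed at the files: the issued certificate
# must chain to cacert.pem.
openssl verify -CAfile cacert.pem slapd.crt

# slapd.key is 0600 root because of the umask above. If slapd is started as an
# unprivileged user (not shown on this page), chown the key to that user rather
# than loosening its mode.
vi etc/openldap/slapd.conf # add: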
----------------------------------
TLSCACertificateFile    /opt/soft_openldap-2.3.35/cacert.pem     
TLSCertificateFile      /opt/soft_openldap-2.3.35/slapd.crt
TLSCertificateKeyFile   /opt/soft_openldap-2.3.35/slapd.key
----------------------------------

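# Restart slapd so the TLS* directives are read (cwd is /opt/soft_openldap-2.3.35
# from the step above). killall returns before the old process is gone; wait
# for it to exit, otherwise the new slapd can fail to bind its listener while
# the old one still holds it.
killall slapd
for _ in 1 2 3 4 5; do
  pgrep -x slapd >/dev/null || break
  sleep 1
done
libexec/slapd
# The TLS* directives enable StartTLS on the ldap:// listener. A dedicated
# ldaps:// listener on 636 additionally needs slapd started with
# -h "ldap:/// ldaps:///".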
 