> I'm no expert but it looks to me like it is expecting a certificate, not
> a PKCS#12 file. The man page isn't exactly clear on what types are
> acceptable but based on the certutil error it looks like it only accepts
> PEM files. It isn't at all clear to me how one passes in the private key
> or a chain of trust.
this
https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl-archive.html#importing-an-existing-self-sign-keycert-or-3rd-party-cacert
flops back-n-forth 'tween 'pk12util' & 'certutil usage, and manages to completely avoid any mention of dsconf (which appears to use certutil), so ...
... i'll join the confusion!
that said, it _seems_ clear that the .p12 _is_ needed, since there's no other key input mechanism.
it'd certainly be easier it dsconf simply allowed spec'n of
ca_cert
cert
key
in pem formats without the p12 'hoops' ...
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
No comments:
Post a Comment