The cheat sheet is here http://directory.fedoraproject.org/wiki/Howto:SSL
You just need to read it first and then give it a try. I followed this instruction a couple of years ago.

- dc

2012/3/5 Arpit Tolani <arpittol...@gmail.com>

> Hie
>
> 2012/3/5 Gilbert Martin <gilbert.mar...@gmail.com>
>
>> Hi All,
>>
>> I've been trying to get SSL working with my LDAP server, but haven't had
>> success. I'm currently implementing a new test environment. Does anyone
>> have some quick and dirty instruction on setting up a CA and SSL certs for
>> my directory server and clients?
>
> From my cheat sheet
>
> The first thing we need to do is create a new key store.
>
> # cd /etc/dirsrv/slapd-directory/
> # mv cert8.db key3.db secmod.db /root/
> # certutil -N -d .
>
> Then we create your CA.
>
> # certutil -S -n "CA certificate" -s "cn=CA cert,dc=directory,dc=example,dc=com" -2 -x -t "CT,," -m 1000 -v 720 -d . -k rsa
>
> Make sure you say yes to "Is this a CA certificate [y/N]?" and everything
> else will be default.
>
> Next we create your server cert. Make sure your cn is your FQDN of this
> server.
>
> # certutil -S -n "directory-Server-Cert" -s "cn=directory.example.com" -c "CA certificate" -t "u,u,u" -m 1001 -v 720 -d . -k rsa
>
> Then check to make sure it looks ok
>
> certutil -L -d /etc/dirsrv/slapd-directory/
>
> Create your public ca for your clients.
>
> # certutil -d . -L -n "CA certificate" -a > my-public-ca.asc
>
> In your /etc/dirsrv/slapd-directory/dse.ldif make your nsSSLPersonalitySSL
> look like the following.
>
> nsSSLPersonalitySSL: directory-Server-Cert
>
> That should be it. You have to restart the directory server after the above
> steps.
>
> After this configure Directory Server to use SSL.
>
> Set the secure port for the server to use for TLS/SSL communications. In
> the Configuration area, select the Settings tab, and enter the value in the
> Encrypted Port field.
>
> - The encrypted port number must not be the same port number used for
> normal LDAP communications. By default, the standard port number is 389,
> and the secure port is 636.
>
> - Select the Configuration tab, and then select the top entry in the
> navigation tree in the left pane. Select the Encryption tab in the right
> pane.
>
> - Select the Enable SSL for this Server checkbox.
>
> - Check the Use this Cipher Family checkbox.
>
> - Select the certificate to use from the drop-down menu.
>
> --
> Regards
> Arpit Tolani

--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
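The certutil steps and the dse.ldif/port notes in Arpit's quoted cheat sheet, as an added shell example that is not from the thread and not 389 Directory Server's own code. It parameterises the same certutil commands (DRY_RUN=1 prints them instead of running them, so the flow can be tried on a box without certutil) and adds the two checks a practitioner wants before restarting the server: that nsSSLPersonalitySSL names a certificate that actually exists in the NSS database with user trust flags, and that nsslapd-securePort differs from nsslapd-port. The sample dse.ldif and certutil -L listing inside demo() are constructed; the function names and the DRY_RUN, BACKUP_DIR and OUT_CA variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted version of the cheat-sheet steps plus sanity checks.
# Values default to the ones used in the thread; override via environment.
INSTANCE_DIR="${INSTANCE_DIR:-/etc/dirsrv/slapd-directory}"
FQDN="${FQDN:-directory.example.com}"
CA_NICK="CA certificate"
SERVER_NICK="directory-Server-Cert"
BACKUP_DIR="${BACKUP_DIR:-/root}"                       # where old db files go
OUT_CA="${OUT_CA:-$INSTANCE_DIR/my-public-ca.asc}"      # exported CA for clients
DRY_RUN="${DRY_RUN:-0}"                                 # 1 = print, don't execute

# Print the command (dry run) or execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Steps 1-4 of the cheat sheet: new key store, self-signed CA, server cert,
# exported CA certificate. Note -v is the validity in months (720 as in thread).
setup_nss_certs() {
    for f in cert8.db key3.db secmod.db; do
        if [ -e "$INSTANCE_DIR/$f" ]; then run mv "$INSTANCE_DIR/$f" "$BACKUP_DIR/"; fi
    done
    run certutil -N -d "$INSTANCE_DIR"
    # CA: -x self-signed, -2 adds basic constraints (answer "y" to the CA prompt),
    # CT,, marks it trusted to issue server certs within this database.
    run certutil -S -n "$CA_NICK" -s "cn=CA cert,dc=directory,dc=example,dc=com" \
        -2 -x -t "CT,," -m 1000 -v 720 -d "$INSTANCE_DIR" -k rsa
    # Server cert: the CN must be the FQDN clients connect to, issued by the CA.
    run certutil -S -n "$SERVER_NICK" -s "cn=$FQDN" -c "$CA_NICK" \
        -t "u,u,u" -m 1001 -v 720 -d "$INSTANCE_DIR" -k rsa
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "certutil -L -d $INSTANCE_DIR -n $CA_NICK -a > $OUT_CA"
    else
        certutil -L -d "$INSTANCE_DIR" -n "$CA_NICK" -a > "$OUT_CA"
    fi
}

# Check 1: the nickname in dse.ldif ($1) must appear in the `certutil -L -d DIR`
# listing ($2 = file holding that output) with user trust flags (u,...).
check_personality() {
    nick=$(sed -n 's/^nsSSLPersonalitySSL: *//p' "$1" | head -n 1)
    [ -n "$nick" ] || { echo "nsSSLPersonalitySSL missing in $1" >&2; return 1; }
    # Listing lines are "<nickname>   <trust flags>"; nicknames may contain
    # spaces, so take the last field as flags and compare the rest exactly.
    flags=$(awk -v n="$nick" '{ t=$NF; sub(/[ \t]+[^ \t]+[ \t]*$/, "");
                                if ($0 == n) print t }' "$2")
    [ -n "$flags" ] || { echo "'$nick' not found in NSS database listing" >&2; return 1; }
    case "$flags" in
        u,*) return 0 ;;
        *) echo "'$nick' has trust '$flags', expected a user cert (u,u,u)" >&2; return 1 ;;
    esac
}

# Check 2: the secure port must be set and differ from the plain LDAP port.
check_ports() {
    ldap=$(sed -n 's/^nsslapd-port: *//p' "$1" | head -n 1)
    ssl=$(sed -n 's/^nsslapd-securePort: *//p' "$1" | head -n 1)
    [ -n "$ssl" ] || { echo "nsslapd-securePort not set in $1" >&2; return 1; }
    [ "$ldap" != "$ssl" ] || { echo "secure port $ssl equals LDAP port" >&2; return 1; }
    return 0
}

# Constructed sample input (not real server output) so the checks run offline.
demo() {
    d=$(mktemp -d)
    cat > "$d/dse.ldif" <<'EOF'
dn: cn=config
nsslapd-port: 389
nsslapd-securePort: 636
nsslapd-security: on

dn: cn=encryption,cn=config
nsSSLPersonalitySSL: directory-Server-Cert
EOF
    cat > "$d/certs.txt" <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
directory-Server-Cert                                        u,u,u
EOF
    check_ports "$d/dse.ldif" && check_personality "$d/dse.ldif" "$d/certs.txt"
}

case "${1:-}" in
    demo)  demo ;;
    setup) setup_nss_certs ;;
esac
```

Run `sh script.sh demo` to exercise the checks on the constructed sample, `DRY_RUN=1 sh script.sh setup` to see the exact certutil commands that would be issued for your FQDN, and on the real instance feed `certutil -L -d /etc/dirsrv/slapd-directory/` output to check_personality together with the live dse.ldif before restarting the server; a nickname typo in dse.ldif otherwise only shows up as a failed restart.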