Yes I understand that. To resume, I have a server-cert and a CA cert in my 389DS. I have a CA cert in my active directory.
So I need server cert in my AD !? I don't really understand "But you must generate cert for DS on AD CA", if I did a request by web-enrollment from my 389DS, and install it on my 389DS, it's good like that ? Thanks a lot ! Alex 2013/3/27 Grzegorz Dwornicki <gd1...@gmail.com> > Yes and that button allows you to install server cert (again generated in > your case on AD CA) . CA tab allows you to install CA cert. > > Greg. > 27 mar 2013 16:33, "alexandre" <axel0fe...@gmail.com> napisał(a): > > Sorry my capture is not on the mail, it's the point 12.2.1. 4.c.Go to >> the *CA Certs* tab, and click *Install* at the bottom of the window. >> On this link: >> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html >> >> Thanks >> >> >> 2013/3/27 alexandre <axel0fe...@gmail.com> >> >>> Thanks for the new Link ! >>> >>> @Rich Megginson "It's not the 389DS server certificate, but the CA >>> certificate for the CA that issued the 389DS server certificate, that you >>> need for PassSync" >>> >>> @Grzegorz Dwornicki "But you must generate cert for DS on AD CA. Then >>> you need to import this cert with AD CA cert on DS" >>> >>> Sorry I don't understand "CA certificate for the CA that issued the >>> 389DS server certificate", I have to export this one below to the AD? (it's >>> empty on this capture, but with CA certificate on my directory server): >>> >>> >>> >>> @Grzegorz Dwornicki --> do you have a procedure to do that ? I don't >>> find in redhat documentation. (when you said AD CA, do you considerthat AD >>> CA = Authority installed on my AD ?) >>> >>> Many thanks, for your answers. And your patience about my translation >>> problems. >>> >>> Best regards, >>> Alex >>> >>> >>> >>> >>> 2013/3/27 Grzegorz Dwornicki <gd1...@gmail.com> >>> >>>> I had missunderstood you im this case. No you don't need to create >>>> second CA. But you must generate cert for DS on AD CA. Then you need to >>>> import this cert with AD CA cert on DS >>>> >>>> Greg. >>>> 27 mar 2013 15:41, "alexandre" <axel0fe...@gmail.com> napisał(a): >>>> >>>> I'm really impressed by the reactivity of this list !!! >>>>> >>>>> Sorry my understanding is not perfect because i'm french, so I don't >>>>> have any CA in my DS, I have one CA (installed on my domain controller). >>>>> >>>>> Do I need to install a CA in my DS ? (when I write CA for me it means >>>>> a Authority). >>>>> >>>>> >>>>> Alex >>>>> >>>>> >>>>> 2013/3/27 Grzegorz Dwornicki <gd1...@gmail.com> >>>>> >>>>>> If you have diferent CA in AD vs DS then you need to do this import. >>>>>> >>>>>> AD by default don't use LDAPS or STARTSSL soo you need to install ms >>>>>> cert CA stuff. >>>>>> >>>>>> Greg. >>>>>> 27 mar 2013 15:07, "alexandre" <axel0fe...@gmail.com> napisał(a): >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> I try to follow this procedure : >>>>>>> >>>>>>> >>>>>>> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html >>>>>>> >>>>>>> Everything works fine, except I don't understand right this line: >>>>>>> >>>>>>> "Import the CA certificate from Directory Server into Active >>>>>>> Directory. Click *Trusted Root CA*, then *Import*, and browse for >>>>>>> the Directory Server CA certificate." >>>>>>> >>>>>>> For me CA certificate, it's a certificate from the Authority, so in >>>>>>> my Active Directory the certificate from the authority is already know >>>>>>> in >>>>>>> the Trusted Root CA. >>>>>>> >>>>>>> So, do I need to import 389DS server certificate in my active >>>>>>> directory ? >>>>>>> >>>>>>> And finally, there is no indication to do that, someone can help me >>>>>>> to pass through ? >>>>>>> >>>>>>> Thanks in advance. >>>>>>> >>>>>>> Best regards, >>>>>>> Alex >>>>>>> >>>>>>> -- >>>>>>> 389 users mailing list >>>>>>> 389-us...@lists.fedoraproject.org >>>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>>>>> >>>>>> >>>>>> -- >>>>>> 389 users mailing list >>>>>> 389-us...@lists.fedoraproject.org >>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>>>> >>>>> >>>>> >>>>> -- >>>>> 389 users mailing list >>>>> 389-us...@lists.fedoraproject.org >>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>>> >>>> >>>> -- >>>> 389 users mailing list >>>> 389-us...@lists.fedoraproject.org >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> >>> >>> >> >> -- >> 389 users mailing list >> 389-us...@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > -- > 389 users mailing list > 389-us...@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
