Chapter 11. Managing SSL

2.5. Step 5: Confirm That The New Certificates Are Installed

1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.

2. Select the Server Certs tab.

A list of all the installed certificates for the server opens.

3. Scroll through the list. The certificates installed previously should be listed.

It is now possible to set up the Directory Server to run in TLS/SSL.

NOTE

When renewing a certificate using the Certificate Wizard, the text on the introduction screen does not clearly indicate that the process is renewal and not requesting a new certificate. Also, the requester information is not filled in automatically.

3. Using certutil

The Directory Server has a command-line tool, certutil, which locally creates self-signed CA and client certificates, certificate databases, and keys. The default location for the Directory Server certutil tool is /usr/bin/. 1

certutil can also be downloaded from ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/.

3.1. Creating Directory Server Certificates through the Command Line

The following steps outline how to create the databases, key, CA certificate, and server/client certificate, and how to convert the certificates into pkcs12 format.

1. Open the directory where the Directory Server certificate databases are stored.

cd /etc/dirsrv/slapd-instance_name

2. Make a backup copy of all of the files in the directory as a precaution. If something goes awry while managing certificates, the databases can then be restored. For example:

1 This is the location for Red Hat Enterprise Linux 5 i386. File locations for other platforms are listed in Section 1, “Directory Server File Locations”.
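The backup in step 2 and the restore it makes possible, as an added shell example that is not part of the manual. The function names and the constructed sample files are assumptions; on a real server the source directory would be the /etc/dirsrv/slapd-instance_name directory from step 1.

```shell
#!/bin/sh
# Added example, not from the manual; function names are assumptions.

# backup_certdb SRC DEST_PARENT: copy every regular file in SRC into a new
# owner-only directory under DEST_PARENT and print that directory's path.
backup_certdb() {
    _src=$1; _parent=$2
    [ -d "$_src" ] || { echo "not a directory: $_src" >&2; return 1; }
    # mktemp -d creates the directory with mode 0700; the key database
    # copied into it holds the server's private keys.
    _dest=$(mktemp -d "$_parent/certdb-backup.XXXXXX") || return 1
    for _f in "$_src"/*; do
        [ -f "$_f" ] || continue
        cp -p "$_f" "$_dest/" || return 1   # -p keeps mode and timestamps
    done
    printf '%s\n' "$_dest"
}

# same_files A B: succeed only if every regular file in A has a
# byte-identical copy in B (used to verify a backup or a restore).
same_files() {
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        cmp -s "$_f" "$2/${_f##*/}" || return 1
    done
    return 0
}

# restore_certdb BACKUP LIVE: copy the backed-up files over the live ones.
restore_certdb() {
    for _f in "$1"/*; do
        [ -f "$_f" ] || continue
        cp -p "$_f" "$2/" || return 1
    done
}

# Demo on constructed files standing in for the certificate and key databases.
work=$(mktemp -d)
mkdir "$work/live" "$work/backups"
printf 'constructed certificate db\n' > "$work/live/sample-cert.db"
printf 'constructed key db\n' > "$work/live/sample-key.db"
chmod 600 "$work/live/sample-key.db"
saved=$(backup_certdb "$work/live" "$work/backups")
same_files "$work/live" "$saved" && echo "backup verified: $saved"
rm -rf "$work"
```

Running `same_files` before and after a certutil session shows whether the live databases changed, and `restore_certdb` puts the saved copies back.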
