Re: LDAP and SSL
This is my cert *formula* (for what it's worth) - and yes, I changed
the CA.sh script to keep my defaults - I have made so many test certs
I got tired of answering them repeatedly...
mkdir -p /var/myCA
cd /var/myCA
rm -fR /var/myCA/*
CA.sh -newca
openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
CA.sh -sign
CA.sh -verify
#############
# Server side
openssl x509 -in cacert.pem -outform DER -out cacert.der
rm -f /etc/ldap/cacert.der
rm -f /etc/ldap/cacert.pem
rm -f /etc/ldap/servercrt.pem
rm -f /etc/ldap/serverkey.pem
cp /var/myCA/cacert.pem /etc/ldap/cacert.pem
cp /var/myCA/cacert.der /etc/ldap/cacert.der
mv /var/myCA/newcert.pem /etc/ldap/servercrt.pem
mv /var/myCA/newreq.pem /etc/ldap/serverkey.pem
chmod 0400 /etc/ldap/serverkey.pem
#############
# Client side
cd /var/myCA
openssl req -new -nodes -keyout newreq.pem -out newreq.pem
CA.sh -sign
CA.sh -verify
# Install the client key onto the client LDAP software.
mkdir -p ~/certs/keys
rm -f ~/certs/ldap.client.pem
rm -f ~/certs/keys/ldap.client.key.pem
mv newcert.pem ~/certs/ldap.client.pem
mv newreq.pem ~/certs/keys/ldap.client.key.pem
chmod 0400 ~/certs/keys/ldap.client.key.pem
Comments, suggestions, complaints?
--
WC -Sx- Jones
http://insecurity.org/