First, you need the netscape-ish command line keyutil & certutil stuff. I've got a copy of them in ~banz/work/software/certstuff/solaris. The magic files live in /usr/ns/server4/alias/
The cert utils are amazingly stupid. Make a new directory (e.g., 'new') and
copy the
You'll be updating the cert named "Server-Cert" the database, you can view the current cert with:
certutil -L -d . -n 'Server-Cert'
To load the new cert, do something like:
certutil -A -a -n 'Server-Cert' -t u,u,u -d .
It'll ask for the PIN for the security database; it's stored in the ...-pin.txt file. Then, cut-n-paste the new cert (.pem) file, and ctrl-d it. It might segfault, but it seems to work :)
Stop the directory server, copy the new -cert7 & -key3 files where they're supposed to be, and everything should be golden.
Lame, ain't it.