Updating Certs on iPlanet/SunOne/Etc LDAP Servers
From Syscore
This information is for updating certs on iPlanet/SunOne and similar LDAP servers.
The "certutil" utility specified here is in /ldap/server5/shared/bin on our LDAP servers (it's part of the SunOne DS5 distribution now). You'll need to set LD_LIBRARY_PATH to /ldap/server5/lib in order for it to work.
The cert utils are amazingly stupid. Make a new directory (e.g., 'new') and copy the <instance>-whatever.db files into new/whatever.db.
You'll be updating the cert named "Server-Cert" in the database. You can view the current cert with: /ldap/server5/shared/bin/certutil -P slapd-ldap-master- -L -d . -n 'Server-Cert'
To load the new cert, do something like: /ldap/server5/shared/bin/certutil -P slapd-ldap-master- -A -a -n 'Server-Cert' -t u,u,u -d .
It'll ask for the PIN for the security database; it's stored in the ...-pin.txt file. Then, cut-n-paste the new cert (.pem) file, and ctrl-d it. It might segfault, but it seems to work :)
Stop the directory server, copy the new -cert7 & -key3 files where they're supposed to be, and everything should be golden.
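The two copy steps above (making the working copy, then putting the files back once the server is stopped) as an added shell example; it is not part of the original page. It assumes the database files are named <prefix>cert7.db and <prefix>key3.db with the same prefix given to certutil -P, and that you pass the directories yourself. The certutil commands from the page are run by hand in the working directory between the two functions.

```shell
#!/bin/sh
# Added example: stage and install steps around the certutil commands above.
# Assumptions: files are named <prefix>cert7.db and <prefix>key3.db (prefix as
# passed to certutil -P); all directory arguments are supplied by the caller.

DB_FILES="cert7.db key3.db"

# stage_dbs SRC_DIR PREFIX WORK_DIR
# Copy the live databases into a private (0700) working directory so certutil
# never touches the files the running server has open.
stage_dbs() {
    src=$1; prefix=$2; work=$3
    ( umask 077
      mkdir -p "$work" && chmod 700 "$work" || exit 1
      for f in $DB_FILES; do
          [ -f "$src/$prefix$f" ] || { echo "missing $src/$prefix$f" >&2; exit 1; }
          cp -p "$src/$prefix$f" "$work/$prefix$f" || exit 1
      done )
}

# install_dbs WORK_DIR PREFIX DEST_DIR
# Run only after the directory server is stopped. Refuses to install an empty
# or missing database (e.g. after a certutil crash) and keeps a timestamped
# backup of each live file so the old cert can be restored.
install_dbs() {
    work=$1; prefix=$2; dest=$3
    stamp=$(date +%Y%m%d%H%M%S)
    for f in $DB_FILES; do
        [ -s "$work/$prefix$f" ] || { echo "empty or missing $work/$prefix$f" >&2; return 1; }
    done
    for f in $DB_FILES; do
        cp -p "$dest/$prefix$f" "$dest/$prefix$f.bak.$stamp" || return 1
        cp -p "$work/$prefix$f" "$dest/$prefix$f.new" || return 1
        mv "$dest/$prefix$f.new" "$dest/$prefix$f" || return 1
    done
}
```

The working directory and the .bak files contain the private key database, so remove or protect them once the new cert is confirmed working.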
