Red Hat Directory Server 8.0 Administrator's Guide

[1] This is the location for Red Hat Enterprise Linux 5 i386. File locations for other platforms are listed in Section 1,
“Directory Server File Locations”.
2.5. Step 5: Confirm That The New Certificates Are Installed
1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
2. Select the Server Certs tab.
A list of all the installed certificates for the server opens.
3. Scroll through the list. The certificates installed previously should be listed.
It is now possible to set up the Directory Server to run in TLS/SSL.
NOTE
When renewing a certificate using the Certificate Wizard, the text on the
introduction screen does not clearly indicate that the process is renewal and not
requesting a new certificate. Also, the requester information is not filled in
automatically.
3. Using certutil
The Directory Server has a command-line tool, certutil, which locally creates self-signed CA
and client certificates, certificate databases, and keys. The default location for the Directory
Server certutil tool is /usr/bin/.[1]
certutil can also be downloaded from
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/.
3.1. Creating Directory Server Certificates through the Command Line
The following steps outline how to create the databases, key, CA certificate, and server/client
certificate, and how to convert the certificates into pkcs12 format.
1. Open the directory where the Directory Server certificate databases are stored.
cd /etc/dirsrv/slapd-instance_name
2. Make a backup copy of all of the files in the directory as a precaution. If something goes awry
while managing certificates, the databases can then be restored. For example:
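One way to carry out the backup in step 2, as an added example that is not from the original guide; the function names backup_certdb and restore_certdb and the backup destination are assumptions. Because the key database in this directory holds the server's private keys, the archive is created readable by its owner only, and its contents are checked before the path is reported.

```shell
#!/bin/sh
# Added example (not from the guide): back up a Directory Server
# certificate database directory before running certutil against it.

# backup_certdb SRC_DIR DEST_DIR  (hypothetical helper)
# Archives every file in SRC_DIR into a timestamped tar file under
# DEST_DIR and prints the archive path on success.
backup_certdb() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }

    # The key database holds private keys, so the copy must be
    # readable by its owner only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    archive="$dest/certdb-$(basename "$src")-$(date +%Y%m%d%H%M%S).tar"

    # -C keeps member paths relative, so the archive restores anywhere.
    if ! tar -cf "$archive" -C "$src" . ; then
        umask "$old_umask"; rm -f "$archive"; return 1
    fi
    umask "$old_umask"

    # Verify: every regular file in SRC_DIR must appear in the archive.
    listing=$(tar -tf "$archive") || return 1
    for f in "$src"/* "$src"/.[!.]*; do
        [ -f "$f" ] || continue
        name=./$(basename "$f")
        printf '%s\n' "$listing" | grep -qxF "$name" || {
            echo "missing from backup: $name" >&2; return 1; }
    done
    printf '%s\n' "$archive"
}

# restore_certdb ARCHIVE TARGET_DIR  (hypothetical helper)
# Unpacks a backup over TARGET_DIR, preserving file permissions.
restore_certdb() {
    tar -xpf "$1" -C "$2"
}
```

Keep DEST_DIR outside the instance directory so the archive does not include itself, and stop the server before restoring so the databases are not in use.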
Chapter 11. Managing SSL