Notes on setting up SSL connections for Fedora DS. (These instructions are for testing only.)
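The script below generates certificates suitable for testing Fedora DS. It expects /tmp/genkeys to exist already and to contain the OpenSSL configuration file "cnf" that the commands reference. The scripts contain passwords - CHANGE THEM before you use this.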
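#!/bin/bash
#
# Build a throw-away CA and two server certificates (directory server and
# admin server) for testing SSL in Fedora DS. Test use only.
#
# Prerequisite: the working directory must already exist and contain the
# OpenSSL request config file "cnf" (referenced below as ../cnf; its contents
# are not part of this script).
#
# Outputs, relative to the working directory:
#   ca/ca.key      ca/ca.crt      ca/ca.p12 (certificate only, no key)
#   ldap/ldap.key  ldap/ldap.csr  ldap/ldap.crt  ldap/ldap.p12
#   admin/admin.key admin/admin.csr admin/admin.crt admin/admin.p12
set -euo pipefail

# Private keys and PKCS#12 bundles land under /tmp by default, so make sure
# nothing created here is readable by other local users.
umask 077

# /tmp is world-writable and the directory name is predictable; point
# GENKEYS_DIR at a directory only you can write to when that matters.
GENKEYS_DIR=${GENKEYS_DIR:-/tmp/genkeys}

# 1024-bit RSA is below current minimum recommendations; default to 2048.
KEY_BITS=${KEY_BITS:-2048}

# Sample passwords - CHANGE THEM before use.
# NOTE: the "pass:" form puts the password on the openssl command line, where
# it is visible in the process list; openssl also accepts "file:" and "env:"
# password sources.
CA_KEY_PASS=passca
LDAP_KEY_PASS=passldap
ADMIN_KEY_PASS=passadmin
# Export passwords of the .p12 bundles; the import step must use the same ones.
CA_P12_PASS=ca
LDAP_P12_PASS=ldap
ADMIN_P12_PASS=admin

#######################################
# Create a key, CSR, CA-signed certificate and PKCS#12 bundle in ./<name>/.
# Globals:   KEY_BITS, CA_KEY_PASS (read)
# Arguments: $1 - directory and file base name (ldap, admin)
#            $2 - certificate serial number
#            $3 - friendly name stored in the PKCS#12 bundle
#            $4 - password protecting the private key
#            $5 - export password of the PKCS#12 bundle
# Returns:   non-zero if any openssl step fails
#######################################
issue_server_cert() {
  local name=$1 serial=$2 nickname=$3 key_pass=$4 p12_pass=$5
  (
    cd "$name"
    # -des3 is kept from the original; it is a legacy cipher for key
    # encryption and -aes256 is the usual replacement.
    openssl genrsa -des3 -passout "pass:${key_pass}" \
      -out "${name}.key" "$KEY_BITS"
    openssl req -new -key "${name}.key" -passin "pass:${key_pass}" \
      -out "${name}.csr" -config ../cnf
    openssl x509 -req -days 365 -in "${name}.csr" \
      -CA ../ca/ca.crt -CAkey ../ca/ca.key \
      -out "${name}.crt" -set_serial "$serial" \
      -passin "pass:${CA_KEY_PASS}"
    echo "************ Export Server Cert"
    openssl pkcs12 -export -in "${name}.crt" -inkey "${name}.key" \
      -out "${name}.p12" -name "$nickname" \
      -passout "pass:${p12_pass}" -passin "pass:${key_pass}"
  )
}

# Stop here if the working directory is missing: the rm -rf below must never
# run in whatever directory the script happened to be started from.
cd "$GENKEYS_DIR" || {
  printf 'cannot cd to %s\n' "$GENKEYS_DIR" >&2
  exit 1
}
[[ -f cnf ]] || {
  printf 'missing OpenSSL config file %s/cnf\n' "$GENKEYS_DIR" >&2
  exit 1
}

rm -rf -- ldap admin ca
mkdir ldap admin ca

echo "************ CA *****************"
(
  cd ca
  openssl genrsa -des3 -passout "pass:${CA_KEY_PASS}" -out ca.key "$KEY_BITS"
  openssl req -new -x509 -days 365 -key ca.key \
    -passin "pass:${CA_KEY_PASS}" -out ca.crt -config ../cnf
  # Bundle only the CA certificate (-nokeys); the CA private key stays in ca.key.
  openssl pkcs12 -export -in ca.crt -cacerts -out ca.p12 -nokeys \
    -passout "pass:${CA_P12_PASS}"
)

echo "************ LDAP ***************"
issue_server_cert ldap 01 "DS-Server-Cert" "$LDAP_KEY_PASS" "$LDAP_P12_PASS"

echo "************ ADMIN ***************"
issue_server_cert admin 02 "Admin-Server-Cert" "$ADMIN_KEY_PASS" "$ADMIN_P12_PASS"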
Now this script will import those certificates and start the server:
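#!/bin/bash
#
# Import the test certificates from the generation step into the NSS databases
# of the directory server instance and the admin server, configure the
# password/pin files both servers read at start-up, then start both services.
# Test use only.
set -euo pipefail

# Sample NSS database passwords - CHANGE THEM before use.
# NOTE: -K and -W put passwords on the pk12util command line, where they are
# visible in the process list; pk12util also accepts password files via -k
# (database) and -w (PKCS#12 file).
AD_PW=qwertyuiop
DS_PW=asdfghjkl

GENKEYS_DIR=${GENKEYS_DIR:-/tmp/genkeys}
DS_DIR=/opt/fedora-ds/etc/dirsrv/slapd-server1
ADMIN_DIR=/opt/fedora-ds/etc/dirsrv/admin-serv
INIT_DIR=/opt/fedora-ds/etc/rc.d/init.d

#######################################
# Import the ldap, admin and ca PKCS#12 bundles into one NSS database.
# Globals:   GENKEYS_DIR (read)
# Arguments: $1 - NSS database directory
#            $2 - NSS database password
# Returns:   non-zero if any import fails
#######################################
import_bundles() {
  local db_dir=$1 db_pw=$2 name
  for name in ldap admin ca; do
    # Each bundle's export password equals its name (ldap, admin, ca), as set
    # when the bundles were generated.
    pk12util -i "${GENKEYS_DIR}/${name}/${name}.p12" \
      -d "$db_dir" -K "$db_pw" -W "$name"
  done
}

#######################################
# Write a one-line secret file that is never readable by other users.
# Arguments: $1 - destination path
#            $2 - file content
#######################################
write_secret() {
  local path=$1 content=$2
  # Create the file under a restrictive umask so there is no window in which
  # a new file holds the password with default permissions.
  (
    umask 077
    printf '%s\n' "$content" > "$path"
  )
  # Also tighten a file that already existed with wider permissions.
  chmod 600 "$path"
}

[[ -d "$DS_DIR" ]] || { printf 'missing %s\n' "$DS_DIR" >&2; exit 1; }
[[ -d "$ADMIN_DIR" ]] || { printf 'missing %s\n' "$ADMIN_DIR" >&2; exit 1; }

import_bundles "$DS_DIR" "$DS_PW"
import_bundles "$ADMIN_DIR" "$AD_PW"

# Switch the admin server from an interactive passphrase prompt to the
# password file, keeping the previous config as nss.conf-old.
cp "${ADMIN_DIR}/nss.conf" "${ADMIN_DIR}/nss.conf-old"
sed "s|NSSPassPhraseDialog builtin|NSSPassPhraseDialog file://${ADMIN_DIR}/password.conf|" \
  "${ADMIN_DIR}/nss.conf-old" > "${ADMIN_DIR}/nss.conf"

write_secret "${ADMIN_DIR}/password.conf" "internal:${AD_PW}"
# The original ran chmod on slapd-met1/pin.txt while writing the pin to
# slapd-server1/pin.txt, which left the real pin file with default
# permissions; both operations now use the same path.
# NOTE(review): if the servers run as a non-root user, that user needs to own
# these files - not shown on this page, confirm for your install.
write_secret "${DS_DIR}/pin.txt" "Internal (Software) Token:${DS_PW}"

"${INIT_DIR}/dirsrv" start
"${INIT_DIR}/dirsrv-admin" start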