This procedure is for the new CACert signed certificates. Substitute the fully-qualified domain name of the service for service-fqdn. For example,

  1. On the appropriate server:

    cd /etc/ssl/certs
  2. Make sure to set the 'Common Name' to the service-fqdn. All the rest is ignored:

    openssl req -nodes -days 900 -new -keyout service-fqdn.priv -out service-fqdn.csr
  3. Paste the contents of service-fqdn.csr into the text box in CACert->Server->New

  4. Choose class 1 root certificate and click submit

  5. Double-check the server name, then hit submit

  6. Paste the contents of the text box into service-fqdn.pem

  7. cat service-fqdn.priv >> service-fqdn.pem
  8. You can now delete the .csr and .priv files

  9. Make sure the permissions are correct (only the appropriate daemons should be able to read the cert files)
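
A check to run once step 9 is done, as an added example that is not part of the original procedure: it confirms that the Common Name is the service-fqdn, that the private key appended in step 7 belongs to the pasted certificate, that the certificate has not expired, and that the file is not accessible to all users. The function name `check_service_pem` and its return codes are assumptions made for this example; it relies only on the `openssl` command already used above.

```shell
#!/bin/sh
# Added example: sanity-check a combined service-fqdn.pem (certificate + key).
# check_service_pem is a hypothetical helper name, not part of the procedure.
# Usage: check_service_pem service-fqdn.pem service-fqdn
# Returns 0 if all checks pass, 1 if any check fails, 2 if the file is unreadable.
check_service_pem() {
    pem=$1 fqdn=$2 rc=0

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Step 2: the Common Name must be the service's FQDN.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 2>/dev/null |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" != "$fqdn" ]; then
        echo "CN is '$cn', expected '$fqdn'" >&2; rc=1
    fi

    # Steps 6-7: the appended private key must belong to the pasted certificate.
    # Compare the public key inside the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key in $pem do not match" >&2; rc=1
    fi

    # The certificate must not already be expired.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate in $pem has expired" >&2; rc=1
    fi

    # Step 9: the file holds the private key, so "other" must have no access.
    # Characters 8-10 of the ls mode string are the permissions for other users.
    other=$(ls -ld "$pem" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "$pem is accessible to all users (other=$other)" >&2; rc=1
    fi

    return $rc
}
```

Group permissions are deliberately not checked, since which daemon group may read the file depends on the service.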

Updating ssl cert on Ldap

