Enable SSL in Fedora DS

Notes on setting up SSL connections for Fedora DS. (These instructions are only for testing.)

The first script generates certificates suitable for testing Fedora DS. Both scripts contain hard-coded passwords – CHANGE THEM before you use this.

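#!/bin/bash
# Generate a throwaway CA plus an LDAP and an admin server certificate for
# testing Fedora DS. Each certificate is exported as a PKCS#12 bundle under
# /tmp/genkeys/{ca,ldap,admin}, where the import script expects them.
# Expects an openssl request config at /tmp/genkeys/cnf.
#
# All passphrases can be overridden from the environment. The defaults are the
# well-known test values from this recipe and must be changed for any real use.
set -euo pipefail

# Directory the key material is written to; the import script reads this tree.
GENKEYS_DIR=${GENKEYS_DIR:-/tmp/genkeys}

# Private-key passphrases and PKCS#12 export passwords. They are handed to
# openssl as env:NAME instead of pass:VALUE so the secrets do not appear in
# `ps` output or shell history; export is required for env: to work.
export CA_KEY_PASS=${CA_KEY_PASS:-passca}
export LDAP_KEY_PASS=${LDAP_KEY_PASS:-passldap}
export ADMIN_KEY_PASS=${ADMIN_KEY_PASS:-passadmin}
export CA_P12_PASS=${CA_P12_PASS:-ca}
export LDAP_P12_PASS=${LDAP_P12_PASS:-ldap}
export ADMIN_P12_PASS=${ADMIN_P12_PASS:-admin}

# RSA modulus size. 1024 reproduces the original recipe; many current TLS
# stacks reject keys shorter than 2048 bits, so override it for anything
# beyond a disposable test setup.
KEY_BITS=${KEY_BITS:-1024}
# Validity of every issued certificate, in days.
DAYS=${DAYS:-365}

#######################################
# Issue one server certificate signed by the test CA and export it as PKCS#12.
# Globals:   KEY_BITS, DAYS, CA_KEY_PASS (read); cwd is GENKEYS_DIR on entry and exit
# Arguments: $1 - base name (also the output directory), $2 - serial number,
#            $3 - friendly name stored in the .p12, $4 - env var holding the
#            key passphrase, $5 - env var holding the .p12 password
#######################################
issue_server_cert() {
  local name=$1 serial=$2 friendly=$3 key_pass_var=$4 p12_pass_var=$5
  cd -- "$name"
  openssl genrsa -des3 -passout "env:$key_pass_var" -out "$name.key" "$KEY_BITS"
  openssl req -new -key "$name.key" -passin "env:$key_pass_var" \
    -out "$name.csr" -config ../cnf
  # Each certificate signed by the CA needs a distinct serial number.
  openssl x509 -req -days "$DAYS" -in "$name.csr" \
    -CA ../ca/ca.crt -CAkey ../ca/ca.key -passin env:CA_KEY_PASS \
    -out "$name.crt" -set_serial "$serial"
  echo "************ Export Server Cert"
  openssl pkcs12 -export -in "$name.crt" -inkey "$name.key" -out "$name.p12" \
    -name "$friendly" -passout "env:$p12_pass_var" -passin "env:$key_pass_var"
  cd ..
}

cd -- "$GENKEYS_DIR" || exit 1
# Start from a clean tree so stale keys from an earlier run cannot be reused.
rm -rf -- ldap admin ca
mkdir -- ldap admin ca

echo "************ CA *****************"
cd ca
openssl genrsa -des3 -passout env:CA_KEY_PASS -out ca.key "$KEY_BITS"
openssl req -new -x509 -days "$DAYS" -key ca.key -passin env:CA_KEY_PASS \
  -out ca.crt -config ../cnf
# Certificate only (-nokeys): the CA private key never leaves this directory.
openssl pkcs12 -export -in ca.crt -cacerts -out ca.p12 -nokeys \
  -passout env:CA_P12_PASS
cd ..

echo "************ LDAP ***************"
issue_server_cert ldap 01 "DS-Server-Cert" LDAP_KEY_PASS LDAP_P12_PASS

echo "************ ADMIN ***************"
issue_server_cert admin 02 "Admin-Server-Cert" ADMIN_KEY_PASS ADMIN_P12_PASS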

This second script will import those certificates and start the servers.

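#!/bin/bash
# Import the test certificates generated under /tmp/genkeys into the NSS
# databases of the Fedora DS directory server (slapd-server1) and admin
# server (admin-serv), point both at a password file so they can start
# unattended, then start them.
#
# The NSS database passwords can be overridden from the environment. The
# defaults are the well-known test values from this recipe and must be
# changed for any real use.
set -euo pipefail

AD_PW=${AD_PW:-qwertyuiop}   # admin-serv NSS database password
DS_PW=${DS_PW:-asdfghjkl}    # slapd-server1 NSS database password
GENKEYS_DIR=${GENKEYS_DIR:-/tmp/genkeys}

readonly FDS_ETC=/opt/fedora-ds/etc/dirsrv
readonly SLAPD_DIR=$FDS_ETC/slapd-server1
readonly ADMIN_DIR=$FDS_ETC/admin-serv

# Scratch directory (mode 0700) for password files handed to pk12util, so
# neither the database nor the .p12 passwords appear on its command line.
pwdir=$(mktemp -d) || exit 1
cleanup() { rm -rf -- "$pwdir"; }
trap cleanup EXIT

#######################################
# Import the ldap, admin and ca bundles into one NSS database.
# Globals:   GENKEYS_DIR, pwdir (read)
# Arguments: $1 - NSS database directory, $2 - its password
#######################################
import_bundles() {
  local db_dir=$1 db_pw=$2 name
  printf '%s' "$db_pw" > "$pwdir/db.pw"
  for name in ldap admin ca; do
    # The generating script sets each .p12 password to the bundle's own name.
    printf '%s' "$name" > "$pwdir/p12.pw"
    pk12util -i "$GENKEYS_DIR/$name/$name.p12" -d "$db_dir" \
      -k "$pwdir/db.pw" -w "$pwdir/p12.pw"
  done
}

#######################################
# Write one line to a file that is owner-readable only from the moment it is
# created (umask in a subshell), rather than relying on a later chmod.
# Arguments: $1 - destination path, $2 - line content
#######################################
write_secret() {
  ( umask 077; printf '%s\n' "$2" > "$1" )
  chmod 600 -- "$1"
}

import_bundles "$SLAPD_DIR" "$DS_PW"
import_bundles "$ADMIN_DIR" "$AD_PW"

# Switch the admin server from the interactive passphrase prompt to a
# password file; keep the previous config alongside as nss.conf-old.
cp -- "$ADMIN_DIR/nss.conf" "$ADMIN_DIR/nss.conf-old"
sed "s|NSSPassPhraseDialog  builtin|NSSPassPhraseDialog  file://$ADMIN_DIR/password.conf|" \
  "$ADMIN_DIR/nss.conf-old" > "$ADMIN_DIR/nss.conf"

write_secret "$ADMIN_DIR/password.conf" "internal:$AD_PW"
# The original recipe chmod'ed slapd-met1/pin.txt here, leaving this file
# with default permissions; the pin file must match the database it unlocks.
write_secret "$SLAPD_DIR/pin.txt" "Internal (Software) Token:$DS_PW"

/opt/fedora-ds/etc/rc.d/init.d/dirsrv start
/opt/fedora-ds/etc/rc.d/init.d/dirsrv-admin start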
