1. install the Centos-ds packages
2. run setup-ds-admin.pl
fill in all the steps, you can search on Google for the details...
bla bla bla, insert this, answer yes, bla bla..
3. create SSL certificate
# cd /etc/dirsrv/slapd-instance
# tar -cf ~/db_backup.tar *
# touch /tmp/pwdfile; echo "p4ssw0rd" > /tmp/pwdfile
# certutil -N -d . -f /tmp/pwdfile
# certutil -S -n "CA certificate" -s "cn=My Org CA cert,dc=combro,dc=com" -2 -x -t "CT,," -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile
# certutil -S -n "Server-Cert" -s "cn=hostname.combro.com" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -f /tmp/pwdfile
# certutil -d . -L -n "CA certificate" -a > cacert.asc
# pk12util -d . -o ldap1.p12 -n Server-Cert -w /tmp/pwdfile -k /tmp/pwdfile
# touch pin.txt; echo "Internal (Software) Token: p4ssw0rd" > pin.txt
# chmod 0400 pin.txt
# vim dse.ldif
edit cn=config
dn: cn=config
nsslapd-security: on
nsslapd-ssl-check-hostname: off
edit cn=encryption,cn=config
dn: cn=encryption,cn=config
nsSSL3: on
nsSSLClientAuth: allowed
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha
add cn=RSA,cn=encryption,cn=config:
dn: cn=RSA,cn=encryption,cn=config
objectClass: nsEncryptionModule
objectClass: top
nsSSLActivation: on
nsSSLToken: internal (software)
nsSSLPersonalitySSL: Server-Cert
cn: RSA
note: dse.ldif is easier to modify using Apache Directory Studio
1. at Root DSE -> right click (go to DN..)
2. type cn=config
3. make a new entry for cn=RSA,cn=encryption,cn=config
then add the attributes as above
4. then modify cn=config and cn=encryption
# service dirsrv start
Starting dirsrv:
package...Warning: Incorrect PIN may result in disabling the token
Enter PIN for Internal (Software) Token: p4ssw0rd
[ OK ]
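
The cn=config and cn=encryption,cn=config settings above switch on SSLv3, turn off the hostname check and enable several null, export-grade, 40-bit, single-DES and RC4 suites. As an added example (not part of the original post), this Python code parses a dse.ldif-style file, unfolds the continued cipher line and lists the settings worth reviewing. SAMPLE, WEAK and the function names are this example's own, and the substring rules are an assumption about how to classify the suite names shown on this page.

```python
import re

# Constructed sample: the two entries as configured on this page (cipher list folded).
SAMPLE = """\
dn: cn=config
nsslapd-security: on
nsslapd-ssl-check-hostname: off

dn: cn=encryption,cn=config
nsSSL3: on
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha
"""

# Assumed classification: substring of a suite name -> reason; the first match wins.
WEAK = [("null", "no encryption"), ("export", "export-grade"), ("_40_", "40-bit key"),
        ("_des_", "single DES"), ("rc4", "RC4"), ("rc2", "RC2")]

def parse_entries(ldif):
    """Return {dn: {attr: value}} with lower-cased names, unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # newline + one space continues a line
    entries, current = {}, None
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank line, comment, or not an attribute line
        if attr.strip().lower() == "dn":
            current = entries.setdefault(value.strip().lower(), {})
        elif current is not None:
            current[attr.strip().lower()] = value.strip()
    return entries

def audit(ldif):
    """Return (setting_or_suite, reason) findings for the TLS settings in ldif."""
    entries = parse_entries(ldif)
    cfg = entries.get("cn=config", {})
    enc = entries.get("cn=encryption,cn=config", {})
    findings = []
    if cfg.get("nsslapd-ssl-check-hostname") == "off":
        findings.append(("nsslapd-ssl-check-hostname", "hostname check disabled"))
    if enc.get("nsssl3") == "on":
        findings.append(("nsSSL3", "SSLv3 enabled"))
    for spec in enc.get("nsssl3ciphers", "").split(","):
        name = spec.strip().lower()
        reason = next((why for key, why in WEAK if key in name), None)
        if name.startswith("+") and reason:  # a "-" prefix disables the suite
            findings.append((name[1:], reason))
    return findings
```

To check a real instance, pass the contents of its dse.ldif to audit() and review each returned pair before the service is started.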