How to enable SSL in Directory 5.2 without obtaining a real CA
Sorry for starting a new post although there is an old one similar to this.
But the answer in that old post didn't resolve my problem.
I want to get the certificate only for testing purposes, so I don't want a commercial one.
P.S.: Somebody mentioned that certutil can create a certificate, but I read the manual and understood that certutil -C uses a binary request and generates a binary certificate, which didn't match the requirement used by Sun One Directory Server. More unfortunately, certutil doesn't work for me; it reported a bad database error.
And the SimpleCA software doesn't seem to work for me.
[623 byte] By [OliviaDoua] at [2007-11-26 14:48:35]

# 1
Olivia, hopefully by now you have solved your issue, but just for the sake of answering that question here, so that people having the same issue can later find it, I'll go through the motions:
There are a couple of ways you can achieve this.
A. Get a certificate for free out there
B. Generate your own self-signed "fake" certificate.
certutil will certainly let you do this. Here's how:
1. First, create a file/directory layout to store your certificates
mkdir -p /path/to/certificates/selfsignedCA
2. Initialize a database for the certificate you want to create
certutil -N -d /path/to/certificates/selfsignedCA -P "ca-"
3. Create a self-signed CA certificate
certutil -S -x -n "ca-cert" -s "cn=SelfSigned CA Certificate,dc=yourSuffix" -t CTPu -v 120 -d /path/to/certificates/selfsignedCA -P "ca-" -5
Note: when prompted, select choice (5) SSL CA and 'y' for critical extensions
4. Export your newly created self-signed CA certificate in PEM format
certutil -L -d /path/to/certificates/selfsignedCA -P "ca-" -n "ca-cert" -a > /path/to/certificates/selfsignedCA.pem
That should get you going.
-=arnaud=-