Bug 456224 - Clarify section 2.4. Configuring Client TLS in Client Config Guide
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise IPA
Classification: Retired
Component: ipa-client-config-guide
1.1
All Linux
low Severity low
Assigned To: David O'Brien
Chandrasekar Kannan
: Documentation
Blocks: 453489
Reported: 2008-07-22 07:45 EDT by David O'Brien
Modified: 2015-01-04 18:33 EST
Doc Type: Bug Fix
Last Closed: 2009-11-18 18:04:07 EST
Description David O'Brien 2008-07-22 07:45:51 EDT
Description of problem:

This would be much easier to understand with an example of exporting the crt to
ASCII.

Version-Release number of selected component (if applicable):
1.0

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 David O'Brien 2008-07-24 06:25:47 EDT
It seems there was a lot more wrong/missing in this procedure than realized. I'm
working with Rob to fix it.
Comment 2 David O'Brien 2008-07-27 22:16:09 EDT
I think this makes more sense now. If my test machine stops breaking I'll have a
go at testing it.
Comment 3 Jenny Galipeau 2008-11-25 15:54:38 EST
Fix Verified:

Following exists in Section 2.4 of Client config Guide:

1. Modify the following in the /etc/ldap.conf file:

URI     ldap://ipaserver.example.com
BASE dc=example,dc=com
HOST ipaserver.example.com
TLS_CACERTDIR /etc/cacerts/
TLS_REQCERT allow

2. Log in to the client machine, and become the root user.

3. Change to the directory where you need to install the CA certificate.

# cd /etc/cacerts 

4. Run the following command to copy the CA certificate from the server to the client:

# wget http://ipaserver.example.com/ipa/config/ca.crt

If you installed IPA using your own PKCS#12 files then this self-signed CA will not exist.

5. Install the CA certificate as follows:

# cp cacert.crt /etc/cacerts/`openssl x509 -noout -hash -in cacert.crt`.0 

6. If more than one CA certificate is required, concatenate these certificates into a single file.
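
The procedure quoted in Comment 3 fetches the CA certificate over plain HTTP and copies it under its subject-hash name; the following is an added example, not part of the bug comment or the IPA guide, that installs the downloaded file into the TLS_CACERTDIR directory only after its SHA-256 fingerprint matches a value obtained out of band. It assumes the openssl command-line tool is available; the function names and the demo CA are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: verified install of a CA certificate into an OpenSSL-style
# hashed certificate directory (the directory named by TLS_CACERTDIR).
# Usage on a client: install_ca ca.crt "$EXPECTED_FPR" /etc/cacerts
# where EXPECTED_FPR is read to you by the server administrator.

# cert_fingerprint FILE -> prints the SHA-256 fingerprint (AB:CD:...)
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# install_ca FILE EXPECTED_FPR CACERTDIR -> prints the installed path
install_ca() {
    cert=$1; expected=$2; dir=$3
    actual=$(cert_fingerprint "$cert")
    # Refuse unreadable certificates and any fingerprint mismatch.
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing $cert: fingerprint '$actual' does not match" >&2
        return 1
    fi
    hash=$(openssl x509 -noout -hash -in "$cert") || return 1
    n=0
    # Certificates with the same subject hash are told apart by the numeric
    # suffix, so take the first free one instead of overwriting HASH.0.
    while [ -e "$dir/$hash.$n" ]; do
        # Same certificate already installed: report it and stop.
        if cmp -s "$cert" "$dir/$hash.$n"; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    cp "$cert" "$dir/$hash.$n" && chmod 0644 "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}

# make_demo_ca DIR -> writes a constructed, throwaway self-signed CA
# certificate to DIR/ca.crt so the functions above can be tried offline.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
```

With the certificate pinned this way, TLS_REQCERT can be set to demand, so the client rejects a server certificate that does not chain to the installed CA rather than proceeding as the allow setting permits.
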
Comment 4 Andrew Ross 2009-11-18 18:04:07 EST
Closing.