Red Hat Bugzilla – Bug 456224
Clarify section 2.4. Configuring Client TLS in Client Config Guide
Last modified: 2015-01-04 18:33:29 EST
Description of problem:
This would be much easier to understand with an example of exporting the crt to
It seems there was a lot more wrong/missing in this procedure than realized. I'm
working with Rob to fix it.
I think this makes more sense now. If my test machine stops breaking I'll have a
go at testing it.
The following exists in Section 2.4 of the Client Config Guide:
1. Modify the following in the /etc/ldap.conf file:
2. Log in to the client machine, and become the root user.
3. Change to the directory where you need to install the CA certificate.
# cd /etc/cacerts
4. Run the following command to copy the CA certificate from the server to the client:
# wget http://ipaserver.example.com/ipa/config/ca.crt
If you installed IPA using your own PKCS#12 files then this self-signed CA will not exist.
5. Install the CA certificate as follows:
# cp cacert.crt /etc/cacerts/`openssl x509 -noout -hash -in cacert.crt`.0
6. If more than one CA certificate is required, concatenate these certificates into a single file.
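
The hash-named install from steps 3 to 5, as an added example that is not part of the bug comments or the IPA guide: it rejects a download that is not a certificate, prints the SHA-256 fingerprint so it can be compared with the value read on the server (the step 4 download is plain HTTP), and uses the next free `.N` suffix instead of overwriting an existing file. The helper name `install_ca_cert` and its arguments are assumptions.

```shell
#!/bin/sh
# Added example; install_ca_cert is a hypothetical helper, not an IPA tool.
# Usage: install_ca_cert <pem-file> <cert-dir>
# Prints the installed path on stdout; the fingerprint goes to stderr.
install_ca_cert() {
    src=$1
    dir=$2

    # Refuse anything that does not parse as an X.509 certificate,
    # for example an HTML error page saved by wget.
    hash=$(openssl x509 -noout -hash -in "$src" 2>/dev/null) || {
        echo "not a PEM certificate: $src" >&2
        return 1
    }

    # Fingerprint for out-of-band comparison with the server's copy.
    openssl x509 -noout -fingerprint -sha256 -in "$src" >&2

    # OpenSSL searches <hash>.0, <hash>.1, ... in a certificate directory.
    # Reuse the slot if this exact file is already installed, otherwise
    # take the first free suffix so another CA with the same subject hash
    # is not overwritten.
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        if cmp -s "$src" "$dir/$hash.$n"; then
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done

    cp "$src" "$dir/$hash.$n" || return 1
    chmod 0644 "$dir/$hash.$n" || return 1
    echo "$dir/$hash.$n"
}
```

Run as root against the directory from step 3, for example `install_ca_cert ca.crt /etc/cacerts`.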