Bug 910009 - SSL Certificate Reference Appendix
Summary: SSL Certificate Reference Appendix
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: Messaging_Installation_and_Configuration_Guide
Version: 2.3
Assignee: Joshua Wulf
QA Contact: Petr Matousek
Reported: 2013-02-11 15:56 UTC by Joshua Wulf
Modified: 2014-10-19 23:01 UTC

Doc Type: Bug Fix
Last Closed: 2013-03-13 23:59:20 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 846302 | 0 | high | CLOSED | export ssl certificate from nss db in pem format needs to be documented | 2021-02-22 00:41:40 UTC

Internal Links: 846302

Description Joshua Wulf 2013-02-11 15:56:20 UTC
I have included a new SSL Certificate Reference Appendix in the book. It needs to be checked by QE.

Comment 2 Petr Matousek 2013-02-18 15:11:30 UTC
The content in Appendix B seems to be correct; I have only a few comments:

1.) B.1. Reference of Certificates

The link to www.openssl.org points to an invalid location:
/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Messaging_Installation_and_Configuration_Guide/www.openssl.org

Use http:// in the link.

3.) "Create Your Own Certificate Authority" paragraph:

step 2.:
- d. Create a file containing an initial serial number (for example, 1) at /etc/pki/CA/serial. 
+ d. Create a file containing an initial serial number (for example, 01) at /etc/pki/CA/serial. 

(the serial number is in HEX format, i.e. the count of digits in the number given must be even)

2.) "Create Your Own Certificate Authority" paragraph:
The default set-up is valid for RHEL 6; on RHEL 5 two more actions need to be done:

step 2.:
+ e.) Create the directory where new certificates will be stored: /etc/pki/CA/newcerts (RHEL5 only)

step 3.: The user must enter the following directory before executing the command:
(in RHEL 6 the command can be executed from an arbitrary location, so execution from /etc/pki/tls/cert works as well; therefore I suggest just adding the line and not distinguishing between RHEL versions here)

+ cd /etc/pki/tls/cert (needed RHEL5 only)
# openssl ca -notext -out mynewcert.pem -infiles myreq.pem
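
The two prerequisites raised in comment 2 (an even number of hex digits in the serial file, and the newcerts directory that is missing on RHEL 5) can be checked before running `openssl ca`. This is an added example, not part of the bug thread or the guide; the function names check_serial and check_ca_dir are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of a CA directory before `openssl ca`.
# Function names are hypothetical; the paths checked are the ones named
# in the comment above (serial file and newcerts directory).

# check_serial FILE: succeed only if the first line of FILE is a
# hexadecimal number with an even count of digits (e.g. 01, not 1).
check_serial() {
    [ -f "$1" ] || { echo "missing serial file: $1"; return 1; }
    serial=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$serial" in
        ''|*[!0-9A-Fa-f]*)
            echo "serial is not a hex number: '$serial'"
            return 1 ;;
    esac
    if [ $(( ${#serial} % 2 )) -ne 0 ]; then
        echo "serial '$serial' has an odd number of digits; use '0$serial'"
        return 1
    fi
    return 0
}

# check_ca_dir DIR: report every problem found, return 1 if any.
check_ca_dir() {
    ca_dir=$1
    rc=0
    check_serial "$ca_dir/serial" || rc=1
    if [ ! -d "$ca_dir/newcerts" ]; then
        echo "missing directory: $ca_dir/newcerts (create it on RHEL 5)"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_ca.sh /etc/pki/CA
if [ "$#" -gt 0 ]; then
    check_ca_dir "$1"
fi
```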

Comment 4 Petr Matousek 2013-02-19 08:45:18 UTC
Hi Joshua, the changes are OK, but I made a copy-and-paste error in the previous command; my apologies for that:

- cd /etc/pki/tls/cert
+ cd /etc/pki/tls/certs

--

I have also noticed that you added both of the new steps to "step 2." of the "Create Your Own Certificate Authority" paragraph (that's OK). Because both are related only to RHEL 5, I suggest the following improvement:

- e. RHEL 5 Only: Create the directory where new certificates will be stored: /etc/pki/CA/newcerts
- f. Change to the certificate directory: cd /etc/pki/tls/certs. 

- e. On RHEL 5 two additional steps must be node: 
    Create the directory where new certificates will be stored: /etc/pki/CA/newcerts
    Change to the certificate directory: cd /etc/pki/tls/certs. 

But that's only a suggestion; you don't need to apply this change.

Comment 5 Petr Matousek 2013-02-19 08:49:44 UTC
(In reply to comment #4) 
Correction: of course I meant a plus sign here:
> - e. On RHEL 5 two additional steps must be node: 
+ e. On RHEL 5 two additional steps must be node:

Comment 7 Petr Matousek 2013-02-19 10:36:30 UTC
Content approved.

Version used for verification:
Messaging Installation and Configuration Guide (Revision 1.0.0-51)

-> VERIFIED

Comment 8 Cheryn Tan 2013-03-13 23:59:20 UTC
Docs published on https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_MRG/

