
List:       openldap-technical
Subject:    Re: changing certificate and key for autoca
From:       Howard Chu <hyc () symas ! com>
Date:       2023-09-21 18:04:36
Message-ID: b239a36f-6051-0f4d-e90c-fbd5f4cc7e9e () symas ! com

Stefan Kania wrote:
> Thank you, now it's working. Would be nice if it were documented somewhere, maybe the
> manpage :-)

That is precisely what the ";binary" option means. It is documented in RFC4522.

You should not be using attribute options without understanding what they mean.
> 
> 
> 
> Am 21.09.23 um 18:08 schrieb Howard Chu:
> > Stefan Kania wrote:
> > > Hi all,
> > > 
> > > I'd like to change the certificate and the key for autoca, but I can't find any
> > > description of how to do it. I tried the following LDIF:
> > 
> > The LDAP PKI schema uses DER values, not PEM.
> > 
> > > ---------------
> > > dn: dc=example,dc=net
> > > changetype: modify
> > > replace: cACertificate;binary
> > > cACertificate;binary:< file:///root/mycert/cacert.pem
> > > -
> > > replace: cAPrivateKey;binary
> > > cAPrivateKey;binary:< file:///root/mycert/cakey.pem
> > > ---------------
> > > I got:
> > > ---------------
> > > root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
> > > SASL/EXTERNAL authentication started
> > > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > > SASL SSF: 0
> > > modifying entry "dc=example,dc=net"
> > > ldap_modify: Invalid syntax (21)
> > > additional info: cACertificate;binary: value #0 invalid per syntax
> > > ----------------
> > > So what is the right way to change the certificate and the key?
> > > 
> > > 
> > > Thanks
> > > 
> > > 
> > > Stefan
> > > 
> > > 
> > 
> > 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
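
Added example, not part of the original thread and not OpenLDAP code: one way to turn a PEM file like the ones referenced in the quoted LDIF into the DER value the reply says the LDAP PKI schema uses, with a sanity check on the outer DER header, emitted as a base64 (`::`) LDIF value. The function names are hypothetical, and the sample PEM wraps a constructed 5-byte DER blob rather than a real certificate.

```python
import base64
import re

# Constructed sample: PEM armor around a 5-byte DER blob (30 03 02 01 01),
# NOT a real certificate. Real input would be the contents of cacert.pem.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s*-----END \1-----", re.S)

def check_der_sequence(der):
    """Check the outer DER header: SEQUENCE tag, length covering the blob exactly."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM text passed as binary?)")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match data size")

def pem_to_der(pem_text):
    """Return (label, der_bytes) for the first PEM block in pem_text."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    check_der_sequence(der)
    return m.group(1), der

def ldif_replace(dn, values):
    """Build one LDIF modify record; values maps attribute name -> DER bytes."""
    lines = ["dn: " + dn, "changetype: modify"]
    for i, (attr, der) in enumerate(values.items()):
        if i:
            lines.append("-")             # separator between modifications
        lines.append("replace: %s;binary" % attr)
        # "::" marks a base64-encoded value in LDIF (RFC 2849)
        lines.append("%s;binary:: %s" % (attr, base64.b64encode(der).decode("ascii")))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    label, der = pem_to_der(SAMPLE_PEM)
    print(ldif_replace("dc=example,dc=net", {"cACertificate": der}))
```

Feeding the PEM text itself to `check_der_sequence` fails at the first byte, since PEM armor starts with `-` rather than the DER SEQUENCE tag `0x30`.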

