3. Creating a server certificate

This section demonstrates how to create a certificate for an SSL-enabled LDAP server.

3.1. Creating a server certificate request

  1. Create a request configuration file:

      # cp /etc/ssl/openssl_server_req.template /etc/ssl/ldap_req.cnf

  2. Change the following property in the [req] section:

      default_keyfile = /etc/ssl/private/ldap_key.pem

  3. Change the following properties in the [req_distinguished_name] section:

      commonName = ldap.intra.net
      emailAddress = ldap.admin@joe.org

  4. Change the [altdns] section to add the server's alternative names (if it has any):

      DNS.1 = joesmachine.hisisp.net
      DNS.2 = server1.intra.net
      DNS.3 = ldap.joe.org
      DNS.4 = localhost
      IP.1  = 192.168.120.30
      IP.2  = 163.61.64.62
      IP.3  = 127.0.0.1

  5. Generate the certificate request:

      # cd
      # openssl req -config /etc/ssl/ldap_req.cnf -newkey rsa:2048 -out ldapreq.pem -outform PEM
      # chmod 400 /etc/ssl/private/ldap_key.pem

3.2. Signing a certificate request

  # openssl ca -in ldapreq.pem -out /etc/ssl/certs/ldap.pem
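The whole of 3.1, run against a scratch directory rather than /etc/ssl, as an added example that is not part of this how-to: it writes a request configuration equivalent to the template edits of steps 1 to 4, generates the key and request as in step 5, and then checks that the alternative names really were embedded before the request goes to the CA in 3.2. The page does not show /etc/ssl/openssl_server_req.template, so the section layout (`req_extensions` pointing at a `[v3_req]` section that references `[altdns]`), the scratch directory and the check function are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original how-to: builds the request config in a
# scratch directory instead of /etc/ssl, generates key and CSR as in step 5, then
# verifies that every [altdns] entry is present in the CSR. Sample names and
# addresses are the page's; the scratch directory and check function are assumed.
set -eu
WORK="${WORK:-$(mktemp -d)}"   # stands in for /etc/ssl so nothing system-wide is touched

write_req_config() {
    cat > "$WORK/ldap_req.cnf" <<EOF
[req]
default_keyfile    = $WORK/ldap_key.pem
distinguished_name = req_distinguished_name
req_extensions     = v3_req
prompt             = no
encrypt_key        = no
[req_distinguished_name]
commonName   = ldap.intra.net
emailAddress = ldap.admin@joe.org
[v3_req]
subjectAltName = @altdns
[altdns]
DNS.1 = joesmachine.hisisp.net
DNS.2 = server1.intra.net
DNS.3 = ldap.joe.org
DNS.4 = localhost
IP.1  = 192.168.120.30
IP.2  = 163.61.64.62
IP.3  = 127.0.0.1
EOF
}

# Step 5 of the page: generate key + request, then lock the private key down.
make_request() {
    openssl req -config "$WORK/ldap_req.cnf" -newkey rsa:2048 \
        -out "$WORK/ldapreq.pem" -outform PEM 2>/dev/null
    chmod 400 "$WORK/ldap_key.pem"
}

# Returns 0 only if the CSR carries a SAN extension listing every [altdns] value.
csr_has_all_sans() {
    openssl req -noout -text -in "$WORK/ldapreq.pem" > "$WORK/csr.txt"
    grep -q 'Subject Alternative Name' "$WORK/csr.txt" || return 1
    for n in joesmachine.hisisp.net server1.intra.net ldap.joe.org localhost \
             192.168.120.30 163.61.64.62 127.0.0.1; do
        grep -q "$n" "$WORK/csr.txt" || return 1
    done
}

write_req_config && make_request && csr_has_all_sans && echo "CSR OK: $WORK/ldapreq.pem"
```

For 3.2, note that `openssl ca` silently drops the requested alternative names unless the CA configuration's CA section sets `copy_extensions = copy`, so run `openssl x509 -noout -text -in /etc/ssl/certs/ldap.pem` after signing and confirm the Subject Alternative Name is still there.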