How to generate and install a certificate on Red Hat Directory Server

Solution ID:    SO6075
Version:    3.0
Published:    12/13/2007
Updated:    04/04/2012

Problem

How to install a certificate on Red Hat Directory Server

Solution

Note :
You will use the Certificate Request Wizard to generate a certificate request (Step 1) and send it to a Certificate Authority (Step 2).
 
You then use the Certificate Install Wizard to install the certificate (Step 3) and to trust the Certificate Authority's certificate (Step 4). 
 
You will then confirm that your New Certificates are installed (Step 5).
 
These wizards automate the process of creating a certificate database and of installing the key-pair.
 
Step 1: Generate a Certificate Request
 
1. To generate a certificate request and send it to a CA:
  • In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
  • The Manage Certificates window is displayed
2. Select the Server Certs tab, and click the Request button.
  • The Certificate Request Wizard is displayed.
3. Click Next.
 
4. Enter the Requestor Information in the blank text fields, then click Next.
 
Enter the following information:
 
Server Name - Enter the fully qualified hostname of the Directory Server as it is used in DNS lookups; for example, dir.example.com.
 
Organization - Enter the legal name of your company or institution. We require this information from you to verify this information with legal documents such as a copy of a business license.
 
Organizational Unit - Optional. Enter a descriptive name for your organization within your company.
 
Locality - Optional. Enter your company's city name.
 
State or Province - Enter the full name of your company's state or province (no abbreviations).
 
Country - Select the two-character abbreviation for your country's name (ISO format). The country code for the United States is US
  
5. Enter the password that will be used to protect the private key, and click Next.

The Next field is greyed out until you supply a password. When you click Next, the Request Submission dialog box is displayed.
 
6. Select Copy to Clipboard or Save to File to save the certificate request information that you must send to GeoTrust .
 
7. Click Done to dismiss the Certificate Request Wizard.
 
 
Step 2: Send Certificate to Authority
 
Once you have generated the request, you are ready to send it to GeoTrust .
 
Please use the following link to request your certificate with the generated CSR :RapidSSL Certificates 
 
 
Step 3: Install the Certificate
 
1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
  • The Manage Certificates window is displayed.
2. Select the Server Certs tab, and click Install.
 
3. The Certificate Install Wizard is displayed.
 
          Choose one of the following options for the certificate location, then click Next.
  • In this file - Enter the absolute path to the certificate in this field.
  • In the following encoded text block - Copy the text from the  email that contains your certificate received from GeoTrust  or from the text file you created, and paste it in this field. For example:
-----BEGIN CERTIFICATE-----
MIICMjCCAZugAwIBAgICCEEwDQYJKoZIhvcNAQEFBQAwfDELMAkGA1UEBhMCVVMx
IzAhBgNVBAoTGlBhbG9va2FWaWxsZSBXaWRnZXRzLCBJbmMuMR0wGwYDVQQLExRX
aWRnZXQgTWFrZXJzICdSJyBVczEpMCcGA1UEAxMgVGVzdCBUZXN0IFRlc3QgVGVz
dCBUZXN0IFRlc3QgQ0EwHhcNOTgwMzEyMDIzMzU3WhcNOTgwMzI2MDIzMzU3WjBP
MQswCQYDVQQGEwJVUzEoMCYGA1UEChMfTmV0c2NhcGUgRGlyZWN0b3J5IFB1Ymxp
Y2F0aW9uczEWMBQGA1UEAxMNZHVgh49dq2itLmNvbTBaMA0GCSqGSIb3
-----END CERTIFICATE-----
 
4. Check that the certificate information displayed is correct, and click Next.
 
5. Specify a name for the certificate, and click Next.
 
6. Verify the certificate by providing the password that protects the private key.
 
Now that you have installed your certificate, you need to configure your server to trust the Certificate Authority from which you obtained the server's certificate.
 
 
Step 4: Trust the Certificate Authority
 
Configuring your Directory Server to trust the certificate authority consists of obtaining your CA's certificate and installing it into your server's certificate database. This process differs depending on the certificate authority you use. Some commercial CAs provide a web site that allows you to automatically download the certificate. Others will email it to you upon request.
 
You can Obtain the CA root Certificates from the following link depending what certificate you are using :
RapidSSL and FreeSSL Roots  : CPS and Root Certificates
 
Once you have the CA certificate, you can use the Certificate Install Wizard to configure the Directory Server to trust the Certificate Authority.
 
1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
  • The Manage Certificates window is displayed.
2. Go to the CA Certs tab, and click Install.
  • The Certificate Install Wizard is displayed.
3. If you saved the CA Root  certificate to a file, enter the path in the field provided. If you received the CA Root certificate via email, copy and paste the certificate, including the headers, into the text field provided. Click Next.
 
4. Check that the certificate information that is displayed is correct, and click Next.
 
5. Specify a name for the certificate, and click Next.
 
6. Select the purpose of trusting this Certificate Authority (you can select both)
  • Accepting connections from clients (Client Authentication) - The server checks that the client's certificate has been issued by a trusted Certificate Authority.
  • Accepting connections to other servers (Server Authentication) - This server checks that the directory to which it is making a connection (for replication updates, for example) has a certificate that has been issued by a trusted Certificate Authority.
7. Click Done to dismiss the wizard.
 
Once you have installed your certificate and trusted the CA's certificate, you are ready to activate SSL. However, you should first make sure that the certificates have been installed correctly. 
 
 
Step 5: Confirm That Your New Certificates Are Installed
 
1. In the Directory Server Console, select the Tasks tab, and click Manage Certificates.
  • The Manage Certificates window is displayed.
2. Select the Server Certs tab.
  • A list of all the installed certificates for the server is displayed.
3. Scroll through the list. You should find the certificates you installed.
 
Your server is now ready for SSL activation.
 
Please use the following link if your require more information on Red Hat Directory Server 7.1

 

Legacy ID

vs42090

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center


Search Tips