Re: changing certificate and key for autoca

21 Sep 2023


      Stefan Kania wrote:
...
Hi all,
I like to change the certificate and the key for autoca, but I can't find any description how to do it. I tried the following LDIF:
The LDAP PKI schema uses DER values, not PEM.
...

dn: dc=example,dc=net
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file:///root/mycert/cacert.pem


replace: cAPrivateKey;binary
cAPrivateKey;binary:< file:///root/mycert/cakey.pem

I got:
root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "dc=example,dc=net"
ldap_modify: Invalid syntax (21)
        additional info: cACertificate;binary: value #0 invalid per syntax

So what is the right way to change the certificate and the key?
Thank's
Stefan
-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: changing certificate and key for autoca

I got: