Hi all,
I would like to change the certificate and the key for autoca, but I can't find any description of how to do it. I tried the following LDIF:
---------------
dn: dc=example,dc=net
changetype: modify
replace: cACertificate;binary
cACertificate;binary:< file:///root/mycert/cacert.pem
-
replace: cAPrivateKey;binary
cAPrivateKey;binary:< file:///root/mycert/cakey.pem
---------------
I got:
---------------
root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "dc=example,dc=net"
ldap_modify: Invalid syntax (21)
        additional info: cACertificate;binary: value #0 invalid per syntax
----------------
So what is the right way to change the certificate and the key?
Thanks
Stefan

Stefan Kania wrote:
> Hi all,
> I would like to change the certificate and the key for autoca, but I can't find any description of how to do it. I tried the following LDIF:

The LDAP PKI schema uses DER values, not PEM.

> dn: dc=example,dc=net
> changetype: modify
> replace: cACertificate;binary
> cACertificate;binary:< file:///root/mycert/cacert.pem
> -
> replace: cAPrivateKey;binary
> cAPrivateKey;binary:< file:///root/mycert/cakey.pem
>
> I got:
>
> root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
> SASL/EXTERNAL authentication started
> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> SASL SSF: 0
> modifying entry "dc=example,dc=net"
> ldap_modify: Invalid syntax (21)
>         additional info: cACertificate;binary: value #0 invalid per syntax
>
> So what is the right way to change the certificate and the key?
> Thanks
> Stefan

Thank you, now it's working. Would be nice if it were documented somewhere, maybe the manpage :-)

On 21.09.23 at 18:08, Howard Chu wrote:
> Stefan Kania wrote:
> > Hi all,
> > I would like to change the certificate and the key for autoca, but I can't find any description of how to do it. I tried the following LDIF:
>
> The LDAP PKI schema uses DER values, not PEM.
>
> > dn: dc=example,dc=net
> > changetype: modify
> > replace: cACertificate;binary
> > cACertificate;binary:< file:///root/mycert/cacert.pem
> > -
> > replace: cAPrivateKey;binary
> > cAPrivateKey;binary:< file:///root/mycert/cakey.pem
> >
> > I got:
> >
> > root@ldap-r01:~# ldapmodify -Y external -H ldapi:/// -f change-cert.ldif
> > SASL/EXTERNAL authentication started
> > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > SASL SSF: 0
> > modifying entry "dc=example,dc=net"
> > ldap_modify: Invalid syntax (21)
> >         additional info: cACertificate;binary: value #0 invalid per syntax
> >
> > So what is the right way to change the certificate and the key?
> > Thanks
> > Stefan

On 21.09.23 at 19:13, Stefan Kania wrote:
> Thank you, now it's working. Would be nice if it were documented somewhere, maybe the manpage :-)

^.^ found it in the Manpage, it's late :-)

Stefan Kania wrote:
> Thank you, now it's working. Would be nice if it were documented somewhere, maybe the manpage :-)

That is precisely what the ";binary" option means. It is documented in RFC4522.
You should not be using attribute options without understanding what they mean.

openldap-technical@openldap.org
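
Added example, not part of the original thread or of OpenLDAP: a pre-flight check that strips PEM armor, confirms the result is a single DER SEQUENCE, and builds a modify LDIF with the `;binary` values inline as base64 (`::`). The function names and the tiny sample value are constructed for illustration; the check does not verify which key structure the overlay expects.

```python
import base64
import re

# PEM armor: "-----BEGIN X-----", base64 body, "-----END X-----"
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed sample, NOT a real certificate: PEM wrapping of the 5-byte
# DER value 30 03 02 01 01 (a SEQUENCE holding INTEGER 1).
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

def der_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                       # short form: length in one byte
        header, length = 2, data[1]
    else:                                    # long form: next n bytes hold the length
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + length

def pem_to_der(data: bytes) -> bytes:
    """Strip PEM armor if present and return the DER bytes, or raise ValueError."""
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(2)) if m else data
    if not der_ok(der):
        raise ValueError("value is not a single DER SEQUENCE")
    return der

def ldif_replace(dn: str, values) -> str:
    """Build a modify LDIF whose ;binary values are inline base64 of DER ('::')."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for i, (attr, raw) in enumerate(values):
        if i:
            lines.append("-")                # separator between modifications
        b64 = base64.b64encode(pem_to_der(raw)).decode()
        lines += [f"replace: {attr};binary", f"{attr};binary:: {b64}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(ldif_replace("dc=example,dc=net", [("cACertificate", SAMPLE_PEM)]))
```

Run against the real PEM files, the generated LDIF carries DER values, which is what the `Invalid syntax (21)` error in the thread was rejecting PEM for.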