I'm attempting to make Sun Directory Server Ent Ed 5.2 use a domain-wide wildcard server cert for LDAPS connections. Someone on a Sun Forum suggested pk12util from the NSS tools, included in Solaris 10, to manage the cert/key databases, so I came here when I couldn't get it to work.

Sun DS assumes you will be generating the private key within its tools, and naturally for a wildcard cert that can't be true. So I'd like to make DS use the existing private key and wildcard server cert, presumably by importing them into Sun's cert8.db and key3.db files with pk12util. However, no matter what syntax I use, pk12util never even gives me an error message; it just repeats the usage message. Here's a sample:

    sudo -u <Sun DS dbfile owner> /usr/sfw/bin/pk12util -i <pkcs12 wildcard cert/key file> -d <path to cert8.db and key3.db> -k <file containing the Sun DS token password> -P <db filename prefix required by Sun DS>

I created the pkcs12 file thusly:

    openssl pkcs12 -export -nodes -out domain_cert.p12 -inkey <pem encoded private key used to create wildcard csr> -in <pem encoded cert returned from CA>

Is there some way to make pk12util at least give me some hint as to what's wrong with the syntax I'm trying? I'm getting frustrated with the less than helpful repetition of the usage message.

Thanks in advance,

--
Craig Dunigan
IS Technical Services Specialist
Middleware - EIS - DoIT
University of Wisconsin, Madison
opinions expressed are my own, not the University's