I'm attempting to make Sun Directory Server Ent Ed 5.2 use a 
domain-wide wildcard server cert for LDAPS connections.  Someone on a 
Sun Forum suggested pk12util from the NSS tools, included in Solaris 
10, to manage the cert/key databases, so I came here when I couldn't 
get it to work.

Sun DS assumes you will be generating the private key within its 
tools, and naturally for a wildcard cert that can't be true.  So I'd 
like to make DS use the existing private key and wildcard server cert, 
presumably by importing them into Sun's cert8.db and key3.db files 
with pk12util.  However, no matter what syntax I use, pk12util never 
even gives me an error message; it just repeats the usage message. 
Here's a sample:

sudo -u <Sun DS dbfile owner> /usr/sfw/bin/pk12util -i <pkcs12 wildcard cert/key file> -d <path to cert8.db and key3.db> -k <file containing the Sun DS token password> -P <db filename prefix required by Sun DS>

I created the pkcs12 file thusly:

openssl pkcs12 -export -nodes -out domain_cert.p12 -inkey <pem encoded private key used to create wildcard csr> -in <pem encoded cert returned from CA>

Is there some way to make pk12util at least give me some hint as to 
what's wrong with the syntax I'm trying?  I'm getting frustrated with 
the less than helpful repetition of the usage message.  Thanks in 
advance,

-- 
Craig Dunigan
IS Technical Services Specialist
Middleware - EIS - DoIT
University of Wisconsin, Madison

opinions expressed are my own, not the University's
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
