Hi,
I am trying to integrate RHDS 8.0 with Windows 2003 ADS on CentOS 5.1 as per the CentOS documentation for user/group and password sync from Windows ADS.
I am using Windows Sync and PassSync, but I am facing a problem with the certificate creation.
##########################################################################
Followed the below steps on the CentOS box running RHDS to set up SSL.
###########################################################################
secretpw
vi noise.txt
dsadasdasdasdadasdasdasdasdsadfwerwerjfdksdjfksdlfhjsdk
certutil -N -d . -f pin.txt (results, makes 3 files with db extension)
certutil -G -d . -z noise.txt -f pin.txt
certutil -S -n "CA Certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 9999 -d . -z noise.txt -f pin.txt
(generates CA certificate and puts into db stores, can be verified with:
certutil -L -d . -n "Certificate Name", where Certificate Name is CA Certificate)
certutil -S -n "server-cert" -s "cn=FQDN,cn=Directory Server" -c "CA Certificate" -t "u,u,u" -m 1001 -v 9999 -d . -z noise.txt -f pin.txt
pk12util -d . -o cacert.pk12 -n "CA Certificate"
pk12util -d . -o dscert.pk12 -n "server-cert"
###############################################################################################################################
After that, when I executed ldapsearch -x -ZZ, it showed all the entries properly on the RHDS CentOS box,
so it indicates SSL was perfectly configured on RHDS.
##################################################################################################################################
STEPS FOLLOWED ON WINDOWS 2003 ADS BOX to Set up SSL on the Active Directory Server
pk12util -d . -i dscert.pk12
certutil -d . -M -n server-cert -t "P,P,P"
ERROR
When I executed the above command on the Windows 2003 ADS box, it gave me the following error:
certutil.exe unable to decode trust strings error 0
Also, the certificates created on the CentOS box using certutil
are showing the validation date and expiration date as the current date and time in both the CA cert and server-cert.
I checked the certificate content by using
certutil -L -d . -n "Certificate Name"
certutil -L -d . -n "Server-cert"
Please help me troubleshoot this error.
Regards
lingu
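
An added example, not part of the original post: a POSIX shell check for the -t trust arguments used in the commands above ("CT,,", "u,u,u", "P,P,P"). It assumes the documented three-field form (SSL, e-mail, object signing) and the flag letters p, P, c, C, T, u; check_trust and describe_flags are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the original post): check a certutil -t trust
# argument before use. Assumption: three comma-separated fields
# (SSL, e-mail, object signing) built from the flag letters p P c C T u.

# describe_flags FIELD -> prints one meaning per flag letter in FIELD
describe_flags() {
    f=$1
    [ -n "$f" ] || { echo "    (no trust)"; return 0; }
    while [ -n "$f" ]; do
        tl=${f#?}            # everything after the first character
        c=${f%"$tl"}         # the first character
        case $c in
            p) echo "    p: valid peer" ;;
            P) echo "    P: trusted peer (implies p)" ;;
            c) echo "    c: valid CA" ;;
            C) echo "    C: trusted CA for server certificates (implies c)" ;;
            T) echo "    T: trusted CA for client certificates (implies c)" ;;
            u) echo "    u: user certificate (private key present)" ;;
        esac
        f=$tl
    done
}

# check_trust ARG -> returns 0 if ARG is well formed, 1 otherwise
check_trust() {
    arg=$1
    case $arg in
        *,*,*,*) echo "invalid '$arg': more than three fields"; return 1 ;;
        *,*,*)   ;;
        *)       echo "invalid '$arg': need three comma-separated fields"; return 1 ;;
    esac
    ssl=${arg%%,*};    rest=${arg#*,}
    email=${rest%%,*}; objsign=${rest#*,}
    for pair in "SSL:$ssl" "email:$email" "object-signing:$objsign"; do
        name=${pair%%:*}; flags=${pair#*:}
        case $flags in
            # Any byte outside the flag set (stray quotes, spaces, other letters)
            *[!pPcCTu]*) echo "invalid '$arg': unexpected character in $name field"; return 1 ;;
        esac
        echo "  $name:"; describe_flags "$flags"
    done
    return 0
}

# The three trust arguments that appear in the post.
for t in "CT,," "u,u,u" "P,P,P"; do echo "$t"; check_trust "$t"; done
```

A string that passes this check is only well formed; the check says nothing about whether the trust setting suits the certificate.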