Problem with adding CA signed Certificate to DSEE Ldap Instance

807573 Dec 30 2009 — edited Jan 5 2010
I am trying to enable SSL with the SUN DSEE LDAP server.

DSEE version: 6.0
Solaris version: 10.3

I am following instructions from the SUNDSEE-ADMIN guide to generate the cert request, and got the signed certificate file. So here is my procedure:

1. generate cert request:
dsadm request-cert ...

2. send the request file to CA

3. got the signed cert back from CA with format like this:
----------BEGIN CERTIFICATE------------
............
----------END OF CERTIFICATE----------

So now I got two files at hand: the cert request, and the signed cert.



Then I am trying to add the cert to the cert store for my LDAP instance:
$ dsadm add-cert /path/to/instance my-cert ldapcert.crt
Unable to find private key for this certificate.
Failed to add the certificate.


$ dsadm add-cert -C /path/to/instance my-cert ldapcert.crt
This command will complete. But if you list cert, you can only see the CA cert, no new server cert.


My question is, where is this private key file stored? I searched on the forum, and someone mentioned the private key is generated when you issue request-cert command.


So how can I add the server cert? What procedure am I missing here? If you only get one cert file which only has the public key in it from CA, how do you add the server cert apart from the CA cert?

Let me know if I have a wrong understanding for the procedure.

Thanks!
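
A check that fits the situation in the post above, as an added example that is not part of the original post or of the DSEE tooling: the certificate request carries the public half of the key generated at request time, so comparing it with the public key in the certificate returned by the CA shows whether that certificate belongs to this request. It assumes the `openssl` command-line tool is available; the file names, the `ldap-*.example` subjects and the self-signed certificates standing in for a CA reply are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Print the public key (PEM) carried by a certificate request ("req")
# or a certificate ("x509"); non-zero exit if the file cannot be parsed.
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# cert_matches_request REQUEST CERT
#   0 = same public key, 1 = different key, 2 = a file is not parseable PEM
cert_matches_request() {
    req_key=$(pubkey_of req "$1") || return 2
    crt_key=$(pubkey_of x509 "$2") || return 2
    [ -n "$req_key" ] && [ -n "$crt_key" ] || return 2
    [ "$req_key" = "$crt_key" ]
}

# Constructed sample input: two throwaway key pairs, each with a request and
# a self-signed certificate standing in for the CA's reply.
make_samples() {
    dir=$1
    for n in a b; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap-$n.example" \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$n.csr" -signkey "$dir/$n.key" \
            -days 1 -out "$dir/$n.crt" 2>/dev/null || return 1
    done
    # Same certificate body, but with non-standard armor lines.
    sed -e 's/^-----BEGIN CERTIFICATE-----$/----------BEGIN CERTIFICATE------------/' \
        -e 's/^-----END CERTIFICATE-----$/----------END OF CERTIFICATE----------/' \
        "$dir/a.crt" > "$dir/a-badarmor.crt"
}

# Usage: sh check.sh request.csr signed.crt
if [ "$#" -eq 2 ]; then
    cert_matches_request "$1" "$2"
    case $? in
        0) echo "certificate matches the request" ;;
        1) echo "certificate was issued for a different key" ;;
        *) echo "could not parse one of the files" ;;
    esac
fi
```

A result of 1 means the certificate was issued for a key other than the one in this request file; a result of 2 means one of the files is not readable as standard PEM.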