How to renew self-signed CA certificate openldap - Ask Ubuntu
One year ago I set up an OpenLDAP system based on the following Ubuntu tutorial: https://help.ubuntu.com/lts/serverguide/openldap-server.html
Now the CA certificate has expired.
TLS is not working anymore.
Any ideas how to renew the certificate?
OK, we found the solution ourselves. For anyone interested, this is what we did:
Apparently we forgot to set the expiration days value, so it defaulted to 365 days. That is why it expired.
The OpenLDAP server uses the paths of the CA certificate (cacert.pem), the private server key (hostname.slapd.pem) and the server certificate (signed by cacert.pem). This means we didn't have to change the OpenLDAP configuration.
We needed to recreate / replace the CA certificate. For convenience reasons we kept the private certificate authority key and the private server key.
1. We recreated the CA certificate using the existing private CA key and made sure the expiration days value was more than 1 year. We had used a template file before, and added the expiration days line.
2. We recreated the server certificate using the existing server private key and signed it with the newly created CA certificate from step 1.
3. We restarted our slapd service.
If you are using a replication slave OpenLDAP server, do not forget to sign a new slave server certificate with the new CA certificate and restart the slapd service. Replication should be working then.
All fixed now.
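The renewal steps above, written out as an added shell example that is not part of the answer. It assumes the GnuTLS `certtool` and template-file workflow from the linked Ubuntu server guide; the file names (cakey.pem, cacert.pem, hostname_slapd_key.pem, ca.info, server.info) and the common names are assumptions, and the one-line check catches the exact mistake the answer describes: a template with no `expiration_days` line, which certtool fills in with its 365-day default.

```sh
#!/bin/sh
# Renew an expired self-signed OpenLDAP CA with certtool (GnuTLS), keeping the
# existing CA and server private keys. All paths and names are example values.

# Write a CA template. The expiration_days line is the one the original setup
# lacked; without it certtool issues a certificate valid for 365 days.
write_ca_template() {
    out="$1"; cn="$2"; days="$3"
    cat > "$out" <<EOF
cn = $cn
ca
cert_signing_key
expiration_days = $days
EOF
}

# Write a server template for the slapd certificate (same expiration rule).
write_server_template() {
    out="$1"; cn="$2"; days="$3"
    cat > "$out" <<EOF
organization = Example Org
cn = $cn
tls_www_server
encryption_key
signing_key
expiration_days = $days
EOF
}

# Print the expiration_days value of a template, or 365 (certtool's default)
# when the line is missing, so the caller sees what certtool would really use.
template_expiration_days() {
    v=$(sed -n 's/^[[:space:]]*expiration_days[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    printf '%s\n' "${v:-365}"
}

# Succeed only if the template yields a certificate valid for more than one year.
template_ok() {
    [ "$(template_expiration_days "$1")" -gt 365 ]
}

# Step 1: re-issue the CA certificate from the EXISTING CA private key.
renew_ca_cert() {   # <ca key> <ca template> <out ca cert>
    certtool --generate-self-signed --load-privkey "$1" --template "$2" --outfile "$3"
}

# Step 2: re-sign the server certificate from the EXISTING server key with the new CA.
resign_server_cert() {   # <server key> <new ca cert> <ca key> <server template> <out cert>
    certtool --generate-certificate --load-privkey "$1" --load-ca-certificate "$2" \
             --load-ca-privkey "$3" --template "$4" --outfile "$5"
}

# Full run (step 3 restarts slapd). Only executed when called as: sh renew.sh renew
if [ "${1:-}" = "renew" ]; then
    write_ca_template ca.info "Example CA" 3650
    write_server_template server.info ldap01.example.com 3650
    template_ok ca.info     || { echo "ca.info would expire within a year"; exit 1; }
    template_ok server.info || { echo "server.info would expire within a year"; exit 1; }
    renew_ca_cert /etc/ssl/private/cakey.pem ca.info /etc/ssl/certs/cacert.pem
    resign_server_cert /etc/ssl/private/hostname_slapd_key.pem /etc/ssl/certs/cacert.pem \
                       /etc/ssl/private/cakey.pem server.info /etc/ssl/certs/hostname_slapd_cert.pem
    certtool -i --infile /etc/ssl/certs/cacert.pem | grep -A2 Validity   # eyeball the new dates
    service slapd restart
fi
```

Run `template_ok` before every `certtool --generate-*` call; it is cheap and it is the check that would have prevented the one-year surprise in the first place. A replication consumer gets the same `resign_server_cert` call with its own server key and template, followed by its own slapd restart, exactly as the answer notes.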