How to renew self-signed CA certificate openldap - Ask Ubuntu


on year ago setup openldap system based on following ubuntu tutorial: https://help.ubuntu.com/lts/serverguide/openldap-server.html

now ca certificate expired.

tls not working anymore .

any ideas how renew certificate?

ok found solution ourselves. interested did:

apparently forgot set expiration days value , defaulted 365 days. why expired.

the openldap server uses paths of ca certificate cacert.pem, private server key (hostname.slapd.pem) , server certificate (signed cacert.pem). means didn't have change openldap configuration.

we needed recreate / replace ca certificate. convenience reasons kept private certificate authority key , private server key.

  1. we recreated ca certificate using existing private ca key , made sure expiration days value more 1 year. had used template file before , added expiration days line.

  2. we recreated server certificate using existing server private key , signed newly created ca certificate step 1.

  3. we restarted our slapd service

if using replication slave openldap server, not forget sign new slave server certificate new ca certificate , restart slapd service. replication should working then.

all fixed now.


Comments

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User