/etc/dirsrv
admin-serv
$assecdir
slapd-localhost
$secdir
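# Create the NSS database password (pwdfile.txt) and the key-generation
# seed (noise.txt).  The original hashed `ps -ef` / `w` / `date` output:
# that is observable system state, not a secret, so anyone who could see
# the process list at the time could reconstruct the password.  Read the
# kernel CSPRNG instead.  Output format is unchanged (one 40-hex-char
# line per file), so the later certutil / pin.txt / password.conf steps
# that consume these files keep working.
# Both files are created owner-only (umask in a subshell so the rest of
# the session keeps its normal umask): pwdfile.txt protects every private
# key created below.
( umask 077
  head -c 64 /dev/urandom | sha1sum | awk '{print $1}' > "$secdir/pwdfile.txt"
  head -c 64 /dev/urandom | sha1sum | awk '{print $1}' > "$secdir/noise.txt" )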
key3.db
cert8.db
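# Create the Directory Server NSS database in $secdir, protected by the
# password in pwdfile.txt, then generate a key, a self-signed CA and two
# server certificates issued by it.  Every path is quoted so a $secdir
# containing whitespace or glob characters cannot split into extra
# arguments (the original left them all unquoted).
certutil -N -d "$secdir" -f "$secdir/pwdfile.txt"

# Generate a key pair, seeding the RNG from noise.txt.  The key size is
# whatever this certutil's default is (nothing here sets it); check the
# result with `certutil -K` and set it explicitly if your NSS allows.
certutil -G -d "$secdir" -z "$secdir/noise.txt" \
  -f "$secdir/pwdfile.txt"

# Self-signed (-x) CA, serial 1000, valid 120 months, trust "CT,," so it
# may issue server and client certs.  -2 adds the basicConstraints
# extension and asks questions on stdin; the three echoed answers are
# presumably "is this a CA: y", "path length: <default>", "critical: y".
# Confirm the prompt order on your certutil before running unattended.
( echo y ; echo ; echo y ) | certutil -S -n "CA certificate" -s "cn=CAcert" \
  -x -t "CT,," -m 1000 -v 120 \
  -d "$secdir" -z "$secdir/noise.txt" -f "$secdir/pwdfile.txt" -2

# Export the CA certificate in ASCII (-a) form; it is imported into the
# admin-server database later.
certutil -L -d "$secdir" -n "CA certificate" -a \
  > "$secdir/cacert.asc"

# Directory Server certificate (nickname "Server-Cert", serial 1001) and
# Administration Server certificate (nickname "server-cert", serial 1002),
# both issued by the CA (-c).  NSS nicknames are case-sensitive, so these
# are two distinct entries -- see the `certutil -L` output further down.
certutil -S -n "Server-Cert" \
  -s "cn=$myhost,ou=389 Directory Server" -c "CA certificate" \
  -t "u,u,u" -m 1001 -v 120 -d "$secdir" -z "$secdir/noise.txt" \
  -f "$secdir/pwdfile.txt"
certutil -S -n "server-cert" \
  -s "cn=$myhost,ou=389 Administration Server" -c "CA certificate" \
  -t "u,u,u" -m 1002 -v 120 -d "$secdir" -z "$secdir/noise.txt" \
  -f "$secdir/pwdfile.txt"

# Bundle the admin-server cert and its private key into a PKCS#12 file
# (-w: PKCS#12 password, -k: database password; both read from
# pwdfile.txt).  It contains a private key, so make it owner-only.
pk12util -d "$secdir" -o "$secdir/adminserver.p12" \
  -n server-cert -w "$secdir/pwdfile.txt" -k "$secdir/pwdfile.txt"
chmod 600 "$secdir/adminserver.p12"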
pin
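# Token PIN file for Directory Server: "<token name>:<password>".  The
# password is the single 40-char line in pwdfile.txt; quoting the command
# substitution keeps the line intact, and printf avoids echo's option
# and backslash handling.  The file holds the key password in clear, so
# it is made owner-only.
printf '%s\n' "Internal (Software) Token:$(cat "$secdir/pwdfile.txt")" \
  > "$secdir/pin.txt"
chmod 600 "$secdir/pin.txt"

# Admin-server NSS database: same password, import the admin-server
# key/cert from the PKCS#12 bundle, then trust the CA (CT,,).
certutil -N -d "$assecdir" -f "$secdir/pwdfile.txt"
pk12util -d "$assecdir" -n server-cert -i "$secdir/adminserver.p12" \
  -w "$secdir/pwdfile.txt" -k "$secdir/pwdfile.txt"
certutil -A -d "$assecdir" -n "CA certificate" -t "CT,," -a \
  -i "$secdir/cacert.asc"

# mod_nss password file: "<token>:<password>", plaintext, owner-only.
printf '%s\n' "internal:$(cat "$secdir/pwdfile.txt")" > "$assecdir/password.conf"
chmod 600 "$assecdir/password.conf"

# Point nss.conf at password.conf.  The original wrote the edited copy to
# the fixed path /tmp/nss.conf, which any local user can pre-create or
# symlink, and then mv'd it over nss.conf (replacing its owner/mode with
# the temp file's).  Use an unpredictable temp file next to nss.conf and
# copy its contents back, so nss.conf keeps its inode, owner and mode.
# The sed expression uses '@' as delimiter: it assumes $(pwd) contains
# neither '@' nor '&'.  The `cd` is checked so sed cannot run elsewhere.
cd "$assecdir" || exit 1
tmp=$(mktemp ./nss.conf.XXXXXX) || exit 1
sed -e "s@^NSSPassPhraseDialog .*@NSSPassPhraseDialog file:$(pwd)/password.conf@" \
  nss.conf > "$tmp" && cat "$tmp" > nss.conf
rm -f -- "$tmp"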
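# Turn on SSL in the Directory Server configuration over plain LDAP on
# $ldapport.  -W makes ldapmodify prompt for the Directory Manager
# password, so it never appears on the command line or in `ps` output.
#
# The LDIF below is the author's; it is reproduced unchanged, with these
# review notes on what it enables:
#  - "nsSSL3: on" enables SSLv3, and the nsSSL3Ciphers string switches on
#    RC4, MD5, single-DES, export-grade and a null-encryption suite
#    (fortezza_null).  On anything but a throw-away lab these should be
#    left off and only TLS with modern suites allowed.
#  - "nsslapd-ssl-check-hostname: off" presumably disables hostname
#    verification of peer certificates on the server's own outbound TLS
#    connections -- verify for your version and keep it "on" in
#    production.
#  - "nsSSLClientAuth: allowed" makes client certificates optional, not
#    required.
# The heredoc delimiter is quoted so the shell expands nothing inside the
# LDIF; lines beginning with a single space are LDIF continuation lines.
ldapmodify -x -h localhost -p "$ldapport" -D "cn=directory manager" -W <<'EOF'
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-secureport
nsslapd-secureport: 636

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on
EOF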
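# List the admin-server database; the path is quoted so a directory name
# with spaces cannot split.  Expected: "server-cert" (u,u,u) and
# "CA certificate" (CT,,) -- see the output that follows.
certutil -L -d "$assecdir"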
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

server-cert                                                  u,u,u
CA certificate                                               CT,,
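# List private keys in the admin-server database.  The original read the
# password from "$sec/pwdfile.txt": $sec is set nowhere on this page
# (only $secdir is), so the path resolved to /pwdfile.txt.  Use $secdir,
# quote both paths and drop the stray trailing slash on the db directory.
certutil -K -d "$assecdir" -f "$secdir/pwdfile.txt"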
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1ae87c956dacc7660f54e5df4fc84f2d8dba9087   server-cert
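# List the Directory Server database (path quoted).  Expected: the CA
# plus both server certs, "server-cert" and "Server-Cert", which NSS
# keeps as separate, case-sensitive nicknames -- see the output below.
certutil -L -d "$secdir"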
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
server-cert                                                  u,u,u
Server-Cert                                                  u,u,u
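# List private keys in the Directory Server database.  The original used
# "$sec" for both paths; $sec is never set on this page (the database
# directory is $secdir), so both arguments were wrong.  Quoted and fixed.
certutil -K -d "$secdir" -f "$secdir/pwdfile.txt"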
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      d4f0455375123825d775398fabf47ebc72daacd9   (orphan)
< 1> rsa      bde07c7c5fa9daf52604d4a5010990257d0430e8   NSS Certificate DB:Server-Cert
< 2> rsa      1ae87c956dacc7660f54e5df4fc84f2d8dba9087   NSS Certificate DB:server-cert
< 3> rsa      dad82b3c03db5b3c632d7c329e4a9389ac2eaa1f   NSS Certificate DB:CA certificate