2011/10/19 Chris Cawley <cawley@wrlc.org>

Went back to the docs again and this resolved that issue:

certutil -A -i /var/tmp/wrlc.org.crt  -t "u,u,u" -d /etc/dirsrv/slapd-ldap -n "server-cert"


However, I now get this error:

[19/Oct/2011:10:34:36 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)


I am guessing that there are other certutil commands?


BTW, this all came about because the gui does not support 2048 bit csr’s.


This is good since it works now, all you need is to run 1 more certutil command to import the CA cert.  I noticed sometimes there were certs that didn't appear in the GUI, but certutil -L would show they were there.  hope this helps..