Open mwilck opened 1 year ago
Hi @mwilck , for some reason GitHub decided not to notify me at all about your issue, sorry...
dirsrv_tls_key_file is the path to the .key file containing the private key, dirsrv_tls_key is the private key itself if you want to supply it without an intermediate file - the key is added to the NSS database inside 389DS, so if you supply a file the role will read the key and add it to the database anyway, 389DS doesn't read the file.
I don't know if 389DS can generate a certificate on its own, but I don't think it will work with this role. If you want to use a self-signed certificate, you have to create it manually and supply it to the role. Here's an old example that I used to generate certificates for testing: https://github.com/lvps/389ds-examples/blob/master/ca/cert.sh It should work but I don't recommend using it in production, as I'm not sure if it's really secure.
Hope this helps!
I apologize for this probably dumb question, but I'm confused.
Running the role with dirsrv_selfsigned_cert: true, I hit the following issue:
I had the following settings:
I had not set either dirsrv_tls_key or dirsrv_tls_key_file (and I had no idea what to set it to). I worked around it by setting dirsrv_tls_enabled: false, but I'm unsure if this is correct, because I do want to use TLS (just with the self-signed cert for the time being). Can you confirm?