LinuxQuestions.org
Old 05-25-2016, 02:41 AM   #1
scryptkiddy
LQ Newbie
 
Registered: Jan 2014
Posts: 20

Rep: Reputation: Disabled
CA Certificate and LDAP Authentication issue


So I've been reading a lot about this and getting ready for my RHCSA exam (this Friday no less) and this is the last area that I'm really struggling with. I just wanna test how to do this, but I need a working ldap server with a ca cert..

I've got Red Hat 7 machine built, and I'm using authconfig-gtk, and when I get to TLS part and check the box it says to give the URL where the CA certificate is...

Yeah, well, I have an LDAP server (Win 2008 R2 server), with DNS / AD services, but I have no idea how to create a CA certificate. Even if I did, how would I fill in the authconfig-gtk url? It would be a file sitting remotely on an AD server, which is not running IIS... and I'm not a Windows guy by any means, so I don't wanna run too far down that track.

I'd prefer to simply create and export the CA cert on the Windows server (don't know how to do that either) and just put it in the /etc/openldap/certs dir but that doesn't seem to be an option, as the gui only wants the url of the ldap server where the ca cert is at.

So... is there a free virtual lab that has a CA Cert all ready to go that I can test my RH 7 box against so that I'm a bit more sure of that section of the exam? Or can someone give me a little nudge in the right direction?

Thanks LQ

SK
 
Old 05-25-2016, 09:31 AM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170
Google, for instance, "easy-rsa" ...
 
Old 05-25-2016, 02:13 PM   #3
scryptkiddy
LQ Newbie
 
Registered: Jan 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
Quote:
Google, for instance, "easy-rsa" ...
Thanks sundialsvcs. After reading up on it, I'm assuming your suggestion is to start over and build an OpenVPN server and use it for LDAP authentication testing instead of using the Windows Server?

SK
 
Old 06-03-2016, 05:18 AM   #4
scryptkiddy
LQ Newbie
 
Registered: Jan 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
Does anyone else have any suggestions?
 
Old 06-03-2016, 01:02 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3170
No, my suggestion was simply that "easy-rsa" provides easy-to-use tools for quickly creating one kind of CA and related certificates: those used by SSL. They're commonly supplied with OpenVPN because that's the authentication protocol that it uses. You can, in a matter of a few minutes, create a set of self-signed certificates, signed by your own self-made CA.
 
Old 06-04-2016, 04:55 AM   #6
scryptkiddy
LQ Newbie
 
Registered: Jan 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
Hmm, I need more details. It seems as if I'm the only one who is trying to create a Windows server to test LDAP authentication from a Red Hat 7 system. It is a well documented process (the Red Hat side), but I'm asking if anyone knows how to create a certificate on an LDAP server that the RH system can use for TLS communication.

From what I understand, "easy-rsa" is a tool, got it. It allows me to create self signed certs, got that too. But how do I 1) Install / use easy-rsa on Windows 2008 server? 2) Get that cert into a usable format for the Red Hat to use to authenticate a user to a Windows 2008 LDAP server? I'm not a Windows guy, lol

Last edited by scryptkiddy; 06-04-2016 at 04:58 AM.
 
Old 06-04-2016, 05:06 AM   #7
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora, NetBSD
Posts: 1,048

Rep: Reputation: 712
I don't understand why you want to create the cert on Windows. Why not just create it on Red Hat and then use it on the AD server? A cert does not have to be generated on the machine it is going to be used on.

Alternately, do as sundialsvcs says and use something like easy-rsa (or download and install OpenSSL for Windows) to generate the certs on Windows.

A cert is just a file, a lot like an SSH key. Generate it, install it to the default certificate location or your preferred location, and request it from any server for verification and authentication.
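
The approach suggested in the last reply, generating a lab CA and the LDAP server certificate on the Linux side with openssl, as an added example that is not part of the thread. The host name `dc1.lab.example`, the output directory and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway lab CA plus an LDAP server certificate signed by it.

make_lab_ca() {
    # $1 = output directory, $2 = LDAP server FQDN (must match the host clients connect to)
    local dir=$1 fqdn=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # 1. Self-signed CA. ca.crt is the only file the clients need to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Lab Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1

    # 2. Private key and signing request for the LDAP server.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$fqdn" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.csr" 2>/dev/null || return 1

    # 3. The CA signs the request. The SAN carries the FQDN that clients check,
    #    and the serverAuth usage marks it as a TLS server certificate.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$fqdn" \
        > "$dir/ldap.ext"
    openssl x509 -req -sha256 -days 365 -in "$dir/ldap.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ldap.ext" -out "$dir/ldap.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/ldap.key"
}

verify_chain() {
    # $1 = CA certificate, $2 = certificate to check. Succeeds only if the CA signed it.
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

bundle_p12() {
    # $1 = directory. Packs server key + cert + CA into one PKCS#12 file for
    # import on the server; the password is read from the P12_PASS variable.
    openssl pkcs12 -export -inkey "$1/ldap.key" -in "$1/ldap.crt" \
        -certfile "$1/ca.crt" -passout env:P12_PASS -out "$1/ldap.p12"
}

# Typical use (lab values):
#   make_lab_ca ./labca dc1.lab.example && verify_chain ./labca/ca.crt ./labca/ldap.crt
# Client side on RHEL 7: copy ca.crt (never the .key files) into
# /etc/openldap/cacerts and run: cacertdir_rehash /etc/openldap/cacerts
```

Only `ca.crt` goes to the Red Hat client; the server receives the `.p12` bundle, and `ca.key` stays off both machines.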
 
  

