Importing Trusted Root Certificate

To import a trusted root certificate, enter the following:

kdb5_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port] import_cert [-y] [-e encode_format] -f certificate_file


Table 35. import_cert Parameter Description

Parameter   Description

-D          Distinguished name of the user who has sufficient rights to authenticate to the LDAP server.
-w          Specifies the password for user_dn. Using this option is not recommended.
-h          Host name or IP address of the server hosting the LDAP service for a Kerberos realm.
-p          SSL port number of the LDAP server.
-y          If specified, the user is not prompted to accept the certificate; acceptance is assumed.
-e          Encoding format of the Trusted Root Certificate to be imported. DER is the default encoding format.
-f          Complete path of the file that will contain the Trusted Root Certificate once it has been retrieved successfully.

For example:

kdb5_util -h ldap-server1.mit.edu -p 636 import_cert -e der -f /opt/novell/kerberos/certs/trustedroot.der

The output is as follows:

Trusted Root Certificate received. 
Certificate Information:
Status: self signed certificate in certificate chain
Issuer: /OU=Organizational CA/O=KAILASA
Subject: /OU=Organizational CA/O=KAILASA
Valid From: Saturday, April 02, 2005 03:18:56 PM IST
Valid Till: Thursday, April 02, 2015 03:18:56 PM IST

Would you like to accept the certificate? (Y/N): y
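
The prompt above asks for a trust decision on a self-signed certificate, so the file written by -f is worth checking against a fingerprint obtained out of band from the CA administrator. The following is an added example, not part of the product documentation; the script name check_root.py is hypothetical, and PEM handling is included on the assumption that -e may select a non-DER encoding.

```python
import hashlib
import hmac
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(raw: bytes) -> bytes:
    """Return DER bytes for a certificate file in DER or PEM encoding."""
    if raw.lstrip().startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(raw.decode("ascii").strip())
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if not raw or raw[0] != 0x30:
        raise ValueError("file is neither PEM nor DER encoded")
    return raw


def fingerprint(raw: bytes) -> str:
    """SHA-256 fingerprint of the DER encoding, as lowercase hex."""
    return hashlib.sha256(to_der(raw)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex."""
    cleaned = fp.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a 64-digit SHA-256 fingerprint")
    return cleaned


def matches_pin(raw: bytes, pinned: str) -> bool:
    """True only if the file's fingerprint equals the pinned value."""
    return hmac.compare_digest(fingerprint(raw), normalize(pinned))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_root.py <certificate_file> <pinned_sha256>")
    with open(sys.argv[1], "rb") as fh:
        ok = matches_pin(fh.read(), sys.argv[2])
    print("fingerprint matches" if ok else "MISMATCH: do not trust this file")
    sys.exit(0 if ok else 1)
```

Run it against the path given to -f, and supply a fingerprint that was not fetched over the same LDAP connection.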