Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual page 242

The Administrative Interface
Make sure the client certificate is good for SSL client authentication, otherwise, the server
will not accept the client certificate and will post the following error message in the error
log located in the directory
failure (14290): Error receiving connection
(SEC_ERROR_INADEQUATE_CERT_TYPE - Certificate type not approved for
application.)
Enabling SSL Client Authentication
To enable SSL client authentication in Red Hat Console:
Since you need to use
1.
certificate request, make sure to set the LD_LIBRARY_PATH correctly. To do this,
issue the following command:
setenv LD_LIBRARY_PATH <server_root>/lib:$LD_LIBRARY_PATH
Use
2.
<home_directory>/.mcc
a.
b.
Request the client certificate. Go to the end-entity interface for the CA that will issue
3.
the certificate and click on the Enrollment tab.
Select the "Manual User Dual-Use Certificate Enrollment" link.
4.
Fill in all necessary information required for the form and click Submit.
5.
Once you get the certificate, make sure to import it to the browser.
6.
Export the certificate as p12 file.
7.
Import the client certificate in p12 format to the cert8.db.
8.
./pk12util -i <pk12file> -d "<home directory>/.mcc"
Log in to the CS console (see "Logging Into the CS Console" on page 239).
9.
Go to the Configuration tab, and then select the Users tab in the left hand panel.
10.
Click Certificates to add the client certificate.
11.
The Manager User Certificates window appears.
242 Red Hat Certificate System Administrator's Guide • September 2005
<server_root>/cert-<instanceID>/logs/errors
certutil
in
certutil /bin/cert/tools
Go to the following directory:
<server_root>/bin/cert/tools
Issue the command:
./certutil -N -d <home_directory>/.mcc
to initialize
cert8.db
to initialize the cert8.db and key3.db files in
. To do this:
and and to create
key3.db
: