How do I create test self-signed certificates using 'certutil' with Red Hat Directory Server to allow PAM LDAP clients to communicate over SSL?

Solution Verified - Updated -


  • Self-signed digital certificates should be used for testing purposes only. Otherwise, use a subordinate CA to keep the trusted certificate chains valid.
  • This article shows how to create self-signed digital certificates to use with Red Hat Directory Server 8 or 9, and how to configure a PAM and NSS LDAP client to trust and test the root CA on RHEL 5 or 6.


  • Red Hat Directory Server (All Versions)
