Hello, I've worked through the SSL howto on the FDS site and everything went well until I got to the part where I modified the schema. The /tmp/ssl_enable.ldif modifications that are suggested work well up to the point where it tries to modify cn=RSA,cn=encryption,cn=config To be specific, the recommended changes are as follows... dn: cn=encryption,cn=config changetype: modify replace: nsSSL3 nsSSL3: on - replace: nsSSLClientAuth nsSSLClientAuth: allowed - add: nsSSL3Ciphers nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha, +rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo - add: nsKeyfile nsKeyfile: alias/slapd-directory-key3.db - add: nsCertfile nsCertfile: alias/slapd-directory-cert8.db dn: cn=RSA,cn=encryption,cn=config changetype: modify add: nsSSLPersonalitySSL nsSSLPersonalitySSL: Server-Cert dn: cn=config changetype: modify add: nsslapd-security nsslapd-security: on - replace: nsslapd-ssl-check-hostname nsslapd-ssl-check-hostname: off It seems as though when I get to the point where I want to add the 'nsSSLPersonalitySSL' attribute my directory server complains that the 'cn=RSA,cn=encryption,cn=config' object does not exist to be modified. I don't see anywhere in the HOWTO where I would have created this object. Am I missing something? Thanks. - Kevin
