Kevin Kovach wrote:

>Thanks for the help. I've added that object and was able to modify
>the configuration without further issues.
>
>Unfortunately, I've run into another problem now. Now when I try to
>start the directory it's complaining about one of the ciphers. I get
>the following error when I attempt to start the server ...
>
>[03/Aug/2005:13:19:35 -0400] - SSL alert: Security Initialization:
>Failed to set SSL cipher preference information: unknown cipher fo
>(Netscape Portable Runtime error -5950 - File not found.)
>[03/Aug/2005:13:19:35 -0400] - ERROR: SSL Initialization Failed.
>
>It looks like it's complaining about the 'fo cipher' that was added in
>the same configuration modifications? The change I'm talking about is
>the following ...
>
>add: nsSSL3Ciphers
>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,
>+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo
>
>

That's definitely truncated. +fo is not correct. It's probably another Fortezza cipher. There may be other ciphers that are missing.

>I looked at the dse.ldif file and it looks like it was added correctly
>(as it's presented in the SSL HOWTO) Any advice? Thanks.
>
>- Kevin
>
>
>On 8/3/05, Adam Stokes <astokes at redhat.com> wrote:
>
>
>>On Wed, 2005-08-03 at 10:35 -0400, Kevin Kovach wrote:
>>
>>
>>>Hello,
>>>
>>>I've worked through the SSL howto on the FDS site and everything went
>>>well until I got to the part where I modified the schema.
>>>
>>>The /tmp/ssl_enable.ldif modifications that are suggested work well up
>>>to the point where it tries to modify cn=RSA,cn=encryption,cn=config
>>>
>>>To be specific, the recommended changes are as follows...
>>>
>>>dn: cn=encryption,cn=config
>>>changetype: modify
>>>replace: nsSSL3
>>>nsSSL3: on
>>>-
>>>replace: nsSSLClientAuth
>>>nsSSLClientAuth: allowed
>>>-
>>>add: nsSSL3Ciphers
>>>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,
>>>+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fo
>>>-
>>>add: nsKeyfile
>>>nsKeyfile: alias/slapd-directory-key3.db
>>>-
>>>add: nsCertfile
>>>nsCertfile: alias/slapd-directory-cert8.db
>>>
>>>dn: cn=RSA,cn=encryption,cn=config
>>>changetype: modify
>>>add: nsSSLPersonalitySSL
>>>nsSSLPersonalitySSL: Server-Cert
>>>
>>>dn: cn=config
>>>changetype: modify
>>>add: nsslapd-security
>>>nsslapd-security: on
>>>-
>>>replace: nsslapd-ssl-check-hostname
>>>nsslapd-ssl-check-hostname: off
>>>
>>>It seems as though when I get to the point where I want to add the
>>>'nsSSLPersonalitySSL' attribute my directory server complains that the
>>>'cn=RSA,cn=encryption,cn=config' object does not exist to be modified.
>>>
>>>I don't see anywhere in the HOWTO where I would have created this
>>>object. Am I missing something? Thanks.
>>>
>>>- Kevin
>>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>Refresh the wiki page; I have updated this problem.
>>
>>Thanks for pointing that out. Please create an ldif /tmp/addrsa.ldif and
>>have the following :
>>
>>dn: cn=RSA,cn=encryption,cn=config
>>objectclass: top
>>objectclass: nsEncryptionModule
>>cn: RSA
>>nsSSLPersonalitySSL: Server-Cert
>>nsSSLToken: internal (software)
>>
>>Use ldapadd to add the entry into the directory server.. I'll fix the
>>how-to now as well :)
>>