That carriage return in the Cipher list is just from copying and pasting. I've checked. - Kevin On 8/3/05, Kevin Kovach <kovach at gmail.com> wrote: > dn: cn=encryption,cn=config > objectClass: top > objectClass: nsEncryptionConfig > cn: encryption > nsSSLSessionTimeout: 0 > nsSSLClientAuth: allowed > nsSSL2: off > nsSSL3: on > creatorsName: cn=server,cn=plugins,cn=config > modifiersName: cn=root > createTimestamp: 20050726153224Z > modifyTimestamp: 20050803144437Z > nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des\ > _sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha > nsKeyfile: alias/slapd-birdie-key3.db > nsCertfile: alias/slapd-birdie-cert8.db > numSubordinates: 1 > > In the following entry I wasn't sure if '(software)' was a comment or > if it was part of the attr value so I've tried it both ways. Didn't > seem to change anything. > > dn: cn=RSA,cn=encryption,cn=config > objectClass: top > objectClass: nsEncryptionModule > cn: RSA > nsSSLToken: internal (software) > nsSSLPersonalitySSL: Server-Cert > creatorsName: cn=root > modifiersName: cn=root > createTimestamp: 20050803144438Z > modifyTimestamp: 20050803144438Z > > > dn: cn=config > cn: config > objectClass: top > objectClass: extensibleObject > objectClass: nsslapdConfig > nsslapd-accesslog-logging-enabled: on > nsslapd-accesslog-maxlogsperdir: 10 > nsslapd-accesslog-mode: 600 > nsslapd-accesslog-maxlogsize: 100 > nsslapd-accesslog-logrotationtime: 1 > nsslapd-accesslog-logrotationtimeunit: day > nsslapd-accesslog-logrotationsync-enabled: off > nsslapd-accesslog-logrotationsynchour: 0 > nsslapd-accesslog-logrotationsyncmin: 0 > nsslapd-accesslog: /opt/fedora-ds/slapd-birdie/logs/access > nsslapd-enquote-sup-oc: off > nsslapd-schemacheck: on > nsslapd-rewrite-rfc1274: off > nsslapd-return-exact-case: on > nsslapd-ssl-check-hostname: off > > ... > > modifyTimestamp: 20050803144438Z > nsslapd-security: on > > > I think those were the three objects modified. If you need more > please let me know. Thanks. > > - Kevin > > On 8/3/05, Adam Stokes <astokes at redhat.com> wrote: > > On Wed, 3 Aug 2005 16:54:09 -0400 > > Kevin Kovach <kovach at gmail.com> wrote: > > > > > I double checked my key and cert files and they are of the correct > > > format. Incidentally, those then correspond to the nsCertfile and > > > nsKeyfile attributes that are made in the config changes? It's not > > > real clear in the wiki. The wiki suggests that the nsKeyfile and > > > nsCertfile attrs include 'slapd-directory'. > > > > > > I ask because I originally made the config changes by just copying and > > > pasting the ldif and I went back and changed them afterwards to be > > > 'slapd-<instance name>'. > > > > The above is correct, again modified the wiki to resemble the changes. > > > > > > Regardless of that I'm still not able to get the directory to start > > > up. I'm still seeing the same error in the log ... > > > > > > [03/Aug/2005:16:21:44 -0400] - Fedora-Directory/7.1 B2005.201.2115 > > > starting up [03/Aug/2005:16:21:44 -0400] - SSL failure: None of the > > > cipher are valid > > > > > > I'm going to continue playing with it and research it online, but any > > > further advice or suggestions would be appreciated. Thanks. > > > > > > - Kevin > > > > Could you post your changes as it shows in /opt/fedora-ds/slapd- > > <instance>/config/dse.ldif? > > > > -- > > ....<(^_^)> adam stokes .... > > > > > -- > Take back the web, http://www.switch2firefox.com/ > -- Take back the web, http://www.switch2firefox.com/
