Well that did it. I had actually tried that before. Saw it in some Sun forum somewhere or something. However, when I tried it I got some other error so I took it back out. I suspect I had the nsKeyfile and nsCertfile set incorrectly when I tried it the first time. Thanks so much for the help. - Kevin On 8/3/05, Adam Stokes <astokes at redhat.com> wrote: > Kevin Kovach wrote: > > >dn: cn=encryption,cn=config > >objectClass: top > >objectClass: nsEncryptionConfig > >cn: encryption > >nsSSLSessionTimeout: 0 > >nsSSLClientAuth: allowed > >nsSSL2: off > >nsSSL3: on > >creatorsName: cn=server,cn=plugins,cn=config > >modifiersName: cn=root > >createTimestamp: 20050726153224Z > >modifyTimestamp: 20050803144437Z > >nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des\ > >_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha > >nsKeyfile: alias/slapd-birdie-key3.db > >nsCertfile: alias/slapd-birdie-cert8.db > >numSubordinates: 1 > > > >In the following entry I wasn't sure if '(software)' was a comment or > >if it was part of the attr value so I've tried it both ways. Didn't > >seem to change anything. > > > >dn: cn=RSA,cn=encryption,cn=config > >objectClass: top > >objectClass: nsEncryptionModule > >cn: RSA > >nsSSLToken: internal (software) > >nsSSLPersonalitySSL: Server-Cert > >creatorsName: cn=root > >modifiersName: cn=root > >createTimestamp: 20050803144438Z > >modifyTimestamp: 20050803144438Z > > > > > >dn: cn=config > >cn: config > >objectClass: top > >objectClass: extensibleObject > >objectClass: nsslapdConfig > >nsslapd-accesslog-logging-enabled: on > >nsslapd-accesslog-maxlogsperdir: 10 > >nsslapd-accesslog-mode: 600 > >nsslapd-accesslog-maxlogsize: 100 > >nsslapd-accesslog-logrotationtime: 1 > >nsslapd-accesslog-logrotationtimeunit: day > >nsslapd-accesslog-logrotationsync-enabled: off > >nsslapd-accesslog-logrotationsynchour: 0 > >nsslapd-accesslog-logrotationsyncmin: 0 > >nsslapd-accesslog: /opt/fedora-ds/slapd-birdie/logs/access > >nsslapd-enquote-sup-oc: off > >nsslapd-schemacheck: on > >nsslapd-rewrite-rfc1274: off > >nsslapd-return-exact-case: on > >nsslapd-ssl-check-hostname: off > > > >... > > > >modifyTimestamp: 20050803144438Z > >nsslapd-security: on > > > > > >I think those were the three objects modified. If you need more > >please let me know. Thanks. > > > >- Kevin > > > >On 8/3/05, Adam Stokes <astokes at redhat.com> wrote: > > > > > >>On Wed, 3 Aug 2005 16:54:09 -0400 > >>Kevin Kovach <kovach at gmail.com> wrote: > >> > >> > >> > >>>I double checked my key and cert files and they are of the correct > >>>format. Incidentally, those then correspond to the nsCertfile and > >>>nsKeyfile attributes that are made in the config changes? It's not > >>>real clear in the wiki. The wiki suggests that the nsKeyfile and > >>>nsCertfile attrs include 'slapd-directory'. > >>> > >>>I ask because I originally made the config changes by just copying and > >>>pasting the ldif and I went back and changed them afterwards to be > >>>'slapd-<instance name>'. > >>> > >>> > >>The above is correct, again modified the wiki to resemble the changes. > >> > >> > >>>Regardless of that I'm still not able to get the directory to start > >>>up. I'm still seeing the same error in the log ... > >>> > >>>[03/Aug/2005:16:21:44 -0400] - Fedora-Directory/7.1 B2005.201.2115 > >>>starting up [03/Aug/2005:16:21:44 -0400] - SSL failure: None of the > >>>cipher are valid > >>> > >>>I'm going to continue playing with it and research it online, but any > >>>further advice or suggestions would be appreciated. Thanks. > >>> > >>>- Kevin > >>> > >>> > >>Could you post your changes as it shows in /opt/fedora-ds/slapd- > >><instance>/config/dse.ldif? > >> > >>-- > >>....<(^_^)> adam stokes .... > >> > >> > >> > > > > > > > > > In the dn: cn=RSA,cn=encryption,cn=config add the following line > > nsSSLActivation: on > > Sorry for the confusion let me know if this works and ill modify the > wiki accordingly > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Take back the web, http://www.switch2firefox.com/
