Kevin Kovach wrote:

>Well that did it. I had actually tried that before. Saw it in some
>Sun forum somewhere or something. However, when I tried it I got some
>other error so I took it back out. I suspect I had the nsKeyfile and
>nsCertfile set incorrectly when I tried it the first time.
>
>Thanks so much for the help.
>
>- Kevin
>
>On 8/3/05, Adam Stokes <astokes at redhat.com> wrote:
>
>>Kevin Kovach wrote:
>>
>>>dn: cn=encryption,cn=config
>>>objectClass: top
>>>objectClass: nsEncryptionConfig
>>>cn: encryption
>>>nsSSLSessionTimeout: 0
>>>nsSSLClientAuth: allowed
>>>nsSSL2: off
>>>nsSSL3: on
>>>creatorsName: cn=server,cn=plugins,cn=config
>>>modifiersName: cn=root
>>>createTimestamp: 20050726153224Z
>>>modifyTimestamp: 20050803144437Z
>>>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des\
>>>_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
>>>nsKeyfile: alias/slapd-birdie-key3.db
>>>nsCertfile: alias/slapd-birdie-cert8.db
>>>numSubordinates: 1
>>>
>>>In the following entry I wasn't sure if '(software)' was a comment or
>>>if it was part of the attr value so I've tried it both ways. Didn't
>>>seem to change anything.
>>>
>>>dn: cn=RSA,cn=encryption,cn=config
>>>objectClass: top
>>>objectClass: nsEncryptionModule
>>>cn: RSA
>>>nsSSLToken: internal (software)
>>>nsSSLPersonalitySSL: Server-Cert
>>>creatorsName: cn=root
>>>modifiersName: cn=root
>>>createTimestamp: 20050803144438Z
>>>modifyTimestamp: 20050803144438Z
>>>
>>>dn: cn=config
>>>cn: config
>>>objectClass: top
>>>objectClass: extensibleObject
>>>objectClass: nsslapdConfig
>>>nsslapd-accesslog-logging-enabled: on
>>>nsslapd-accesslog-maxlogsperdir: 10
>>>nsslapd-accesslog-mode: 600
>>>nsslapd-accesslog-maxlogsize: 100
>>>nsslapd-accesslog-logrotationtime: 1
>>>nsslapd-accesslog-logrotationtimeunit: day
>>>nsslapd-accesslog-logrotationsync-enabled: off
>>>nsslapd-accesslog-logrotationsynchour: 0
>>>nsslapd-accesslog-logrotationsyncmin: 0
>>>nsslapd-accesslog: /opt/fedora-ds/slapd-birdie/logs/access
>>>nsslapd-enquote-sup-oc: off
>>>nsslapd-schemacheck: on
>>>nsslapd-rewrite-rfc1274: off
>>>nsslapd-return-exact-case: on
>>>nsslapd-ssl-check-hostname: off
>>>
>>>...
>>>
>>>modifyTimestamp: 20050803144438Z
>>>nsslapd-security: on
>>>
>>>I think those were the three objects modified. If you need more
>>>please let me know. Thanks.
>>>
>>>- Kevin
>>>
>>>On 8/3/05, Adam Stokes <astokes at redhat.com> wrote:
>>>
>>>>On Wed, 3 Aug 2005 16:54:09 -0400
>>>>Kevin Kovach <kovach at gmail.com> wrote:
>>>>
>>>>>I double checked my key and cert files and they are of the correct
>>>>>format. Incidentally, those then correspond to the nsCertfile and
>>>>>nsKeyfile attributes that are made in the config changes? It's not
>>>>>real clear in the wiki. The wiki suggests that the nsKeyfile and
>>>>>nsCertfile attrs include 'slapd-directory'.
>>>>>
>>>>>I ask because I originally made the config changes by just copying and
>>>>>pasting the ldif and I went back and changed them afterwards to be
>>>>>'slapd-<instance name>'.
>>>>>
>>>>The above is correct, again modified the wiki to resemble the changes.
>>>>
>>>>>Regardless of that I'm still not able to get the directory to start
>>>>>up. I'm still seeing the same error in the log ...
>>>>>
>>>>>[03/Aug/2005:16:21:44 -0400] - Fedora-Directory/7.1 B2005.201.2115
>>>>>starting up [03/Aug/2005:16:21:44 -0400] - SSL failure: None of the
>>>>>cipher are valid
>>>>>
>>>>>I'm going to continue playing with it and research it online, but any
>>>>>further advice or suggestions would be appreciated. Thanks.
>>>>>
>>>>>- Kevin
>>>>>
>>>>Could you post your changes as it shows in
>>>>/opt/fedora-ds/slapd-<instance>/config/dse.ldif?
>>>>
>>>>--
>>>>....<(^_^)> adam stokes ....
>>>>
>>>
>>In the dn: cn=RSA,cn=encryption,cn=config add the following line
>>
>>nsSSLActivation: on
>>
>>Sorry for the confusion, let me know if this works and I'll modify the
>>wiki accordingly
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>

good to hear, will update the wiki to reflect the change
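
Added example (not part of the original thread, and not code from the Fedora Directory Server project): a small Python check that reads the SSL-related entries of a dse.ldif and reports the settings this thread turned on, including the missing nsSSLActivation line and key/cert file names that do not carry the instance name. The function names, the findings wording and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the dse.ldif entries quoted in the thread (cipher list shortened).
SAMPLE = """\
dn: cn=encryption,cn=config
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,
 +rsa_3des_sha
nsKeyfile: alias/slapd-birdie-key3.db
nsCertfile: alias/slapd-birdie-cert8.db

dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert

dn: cn=config
nsslapd-security: on
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attribute: first value}}."""
    text = re.sub(r"\r?\n ", "", text)  # LDIF folding: a leading space continues the previous line
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), value.strip())
        if "dn" in attrs:
            entries[attrs["dn"].lower()] = attrs
    return entries

def lint_ssl(text, instance):
    """List SSL settings that differ from the working setup the thread arrives at."""
    e = parse_ldif(text)
    get = lambda dn, attr: e.get(dn, {}).get(attr.lower(), "")
    enc, rsa = "cn=encryption,cn=config", "cn=rsa,cn=encryption,cn=config"
    findings = []
    if get("cn=config", "nsslapd-security").lower() != "on":
        findings.append("cn=config: nsslapd-security is not on")
    if get(rsa, "nsSSLActivation").lower() != "on":
        findings.append("cn=RSA: nsSSLActivation is not on")
    if not get(rsa, "nsSSLPersonalitySSL"):
        findings.append("cn=RSA: nsSSLPersonalitySSL is missing")
    for attr in ("nsKeyfile", "nsCertfile"):
        if "slapd-%s-" % instance not in get(enc, attr):
            findings.append("cn=encryption: %s does not name slapd-%s" % (attr, instance))
    if not any(c.strip().startswith("+") for c in get(enc, "nsSSL3Ciphers").split(",")):
        findings.append("cn=encryption: nsSSL3Ciphers enables no cipher")
    return findings
```

Calling lint_ssl(SAMPLE, "birdie") reports only the missing nsSSLActivation line; run it against a copy of the real dse.ldif rather than the live file while the server is being edited.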