Thanks Everyone,

I got it working. ldapmodify was the right one, along with making a few
modifications to the enable_ssl and addrsa files. For instance, the
values for the cert db's were already in there, as I had already had
it enabled, and getting the "Server-Cert" name right.

As for the Windows issue, it was an issue with the jss3.jar/dll, I was
using jre 1.5.0_04. I followed the instructions in the Windows Console
HOWTO, including DL'ing the additional files required for SSL, and no
luck, it kept dying trying to make the SSL connection. Right now, I
don't have enough time to try setting up Admin Console on Windows again.
I'll get back with the list when I have time to try again.

Thanks,
Brian

On Thu, 2005-10-06 at 18:06 -0700, uffe at loop.to wrote:
> The instructions were probably tested with the tools that accompany FDS,
> can you try with ldapmodify instead of ldapadd?
> cd /opt/fedora/shared/bin
> ./ldapmodify -f /tmp/ssl_enable.ldif -v -D "cn=Directory Manager" -h qapxe.corp.mxlogic.com -w <snip>
>
> For the Windows Console SSL problem, do you recall what class the
> exception mentioned wasn't found? I'm guessing it was a jss class, the
> jar might have had the wrong filename, like jss33.jar instead of jss3.jar...
>
> Brian Kosick wrote:
>
> >Here it is.
> >
> >Thanks
> >Brian
> >
> >On Thu, 2005-10-06 at 13:22 -0600, Rich Megginson wrote:
> >
> >>I'm not sure. Are you sure you have no extraneous or trailing white
> >>spaces anywhere? It might help if you could post the raw file.
> >>
> >>Brian Kosick wrote:
> >>
> >>>Hi All,
> >>>
> >>>I have a quick question. I had SSL all setup and running on both the
> >>>admin server, and the directory server. My manager wanted it setup on
> >>>his windows box, so I followed the WindowsConsole HOWTO, and kept
> >>>getting stuck in the Mozilla libs not being able to make the SSL socket
> >>>connection, returning with class not found. I disabled SSL on the
> >>>admin server and was able to connect to that, and then disabled SSL on
> >>>the directory server, but couldn't get it to work. Now on my linux
> >>>admin console, which worked beautifully before, it keeps trying to
> >>>connect to port 636, rather than 389.
> >>>
> >>>I have tried re-enabling SSL in the directory server by following the
> >>>SSL Howto, but I keep getting
> >>>
> >>>ldapadd -f /tmp/ssl_enable.ldif -xv -D "cn=Directory Manager" -h qapxe.corp.mxlogic.com -w <snip>
> >>>ldap_initialize( ldap://qapxe.corp.mxlogic.com )
> >>>ldapadd: invalid format (line 8) entry: "cn=encryption,cn=config"
> >>>
> >>>Based on a list thread that I found, I removed all the newlines in
> >>>cipher list and still have the same issue.
> >>>
> >>>Here's my enable_ssl.ldif
> >>>dn: cn=encryption,cn=config
> >>>changetype: modify
> >>>replace: nsSSL3
> >>>nsSSL3: on
> >>>-
> >>>replace: nsSSLClientAuth
> >>>nsSSLClientAuth: allowed
> >>>-
> >>>add: nsSSL3Ciphers
> >>>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
> >>>+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
> >>>+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,
> >>>+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
> >>>-
> >>>add: nsKeyfile
> >>>nsKeyfile: alias/slapd-qapxe-key3.db
> >>>-
> >>>add: nsCertfile
> >>>nsCertfile: alias/slapd-qapxe-cert8.db
> >>>
> >>>dn: cn=config
> >>>changetype: modify
> >>>add: nsslapd-security
> >>>nsslapd-security: on
> >>>-
> >>>replace: nsslapd-ssl-check-hostname
> >>>nsslapd-ssl-check-hostname: off
> >>>
> >>>My question is how do I either get the admin console to try to connect
> >>>via 389, rather than 636, or get SSL re-enabled on the directory server.
> >>>
> >>>Thanks in advance
> >>>Brian
> >>>
> >>>--
> >>>Fedora-directory-users mailing list
> >>>Fedora-directory-users at redhat.com
> >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >>
> >>------------------------------------------------------------------------
> >>
> >>dn: cn=encryption,cn=config
> >>changetype: modify
> >>replace: nsSSL3
> >>nsSSL3: on
> >>-
> >>replace: nsSSLClientAuth
> >>nsSSLClientAuth: allowed
> >>-
> >>add: nsSSL3Ciphers
> >>nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
> >>-
> >>add: nsKeyfile
> >>nsKeyfile: alias/slapd-qapxe-key3.db
> >>-
> >>add: nsCertfile
> >>nsCertfile: alias/slapd-qapxe-cert8.db
> >>
> >>dn: cn=config
> >>changetype: modify
> >>add: nsslapd-security
> >>nsslapd-security: on
> >>-
> >>replace: nsslapd-ssl-check-hostname
> >>nsslapd-ssl-check-hostname: off
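Added example, not part of the original thread or of Fedora Directory Server: a small Python check for the two LDIF formatting problems raised above (trailing whitespace, and a wrapped value whose continuation line lacks the leading space that RFC 2849 requires). SAMPLE is a constructed excerpt modeled on the posted file; the thread does not say either defect was actually present, and lint_ldif, SAMPLE and FIXED are names chosen for this illustration.

```python
import re

# Attribute description followed by ':' (covers 'attr: v', 'attr:: b64', 'attr:< url').
ATTR_LINE = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*:")
TRAILING_MSG = "trailing whitespace"
WRAP_MSG = "not 'attr: value'; wrapped value without a leading space?"


def lint_ldif(text):
    """Return (line_number, problem) pairs for formatting an LDIF parser may reject."""
    problems = []
    for num, line in enumerate(text.splitlines(), start=1):
        body = line.rstrip()
        if line != body:
            problems.append((num, TRAILING_MSG))
        if body == "" or body == "-" or body.startswith("#"):
            continue  # entry separator, change separator, or comment
        if line.startswith(" "):
            continue  # RFC 2849 continuation of the previous line
        if not ATTR_LINE.match(body):
            problems.append((num, WRAP_MSG))
    return problems


# Constructed sample: line 5 has a stray space after '-', and the cipher
# list is wrapped onto line 8 without the leading space LDIF folding needs.
SAMPLE = (
    "dn: cn=encryption,cn=config\n"
    "changetype: modify\n"
    "replace: nsSSL3\n"
    "nsSSL3: on\n"
    "- \n"
    "add: nsSSL3Ciphers\n"
    "nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,\n"
    "+rsa_3des_sha,+rsa_fips_3des_sha\n"
    "-\n"
    "add: nsKeyfile\n"
    "nsKeyfile: alias/slapd-qapxe-key3.db\n"
)

# Same content with the separator cleaned and the wrapped value folded correctly.
FIXED = SAMPLE.replace("- \n", "-\n").replace(",\n+rsa", ",\n +rsa")

if __name__ == "__main__":
    for num, problem in lint_ldif(SAMPLE):
        print(f"line {num}: {problem}")
    print("fixed file problems:", lint_ldif(FIXED))
```

Running a check like this on the raw file before ldapmodify separates formatting faults from tool differences such as the ldapadd/ldapmodify one that resolved this thread.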