Alex wrote: > > >>Like Richard said, what is nsSSLPersonalitySSL set to in >>dse.ldif on the nodes? >> >>you should keep the names consistent. I mean, how do you >>know whether alt-server refers to nodo1 or nodo2?? You know >>now but what about 5 months from now?? >> >>also, can you do ldapsearch -ZZ against both nodo1/2 without problems? >> > > > I'm apologize but I'don't understand what you want to say...and no....at > this point I can't do ldapsearch -zz > > I only follow your instructions to enable encryption on both server and > trying to make a query from a client on both server using a floating ip with > ssl enable....I understood that the solution was SubjectAltName and I asked > in which way was possible to implement it...following Rob tips seems doesn't > working and last post is the last step on my configuration for testing it. > You are doing a couple of odd things: 1. Why does nodo1 get it's own nickname but nodo2 is named Alt-Cert? As I've said before, the nicknames aren't important, but you should have some sort of naming policy. 2. You may need to fully qualify the cn in the certificates: nodo1.domain.example.com. This alone could explain the -12276 error. I don't know if NSS will reconstitute the domain from it's dc components. Does ldapsearch work against each fully-qualified host? Get ldapsearch working for the CN and for the alt subject first before trying to do MMR. rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060411/9369c7a4/attachment.bin
