Marco Bellacosa wrote: > Thanks Richard, > > Richard Megginson wrote: > > Marco Bellacosa wrote: > > > >> Dear all, > >> > >> I got problems while restarting my fedora-ds. In particular, > >> when I try to start the server via start-slapd I receive the following > >> message: > >> > >> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow: > >> verify certificate failed for cert server-cert of family > >> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 > >> - Peer's Certificate has expired.) > >> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are > valid\ > >> > >> Then, if I try to menage certificates via console, I am not able to > >> log in the console, I get the message: > >> > >> Cannot connect to the Admin Server ..... > >> The URL is not correct or the server is not running. > >> > >> Therefore, I cannot start the server because my certificate is no more > >> valid and I cannot menage certificate because my console doesn't open > >> (it seems to me). Can anyone help me? > > > > Looks like you will have to generate a new server (or CA?) cert. Do > you > > have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for > > some examples of how to use the command line certutil tool. > > > > I followed the examples, but now > > # start-slapd > Enter PIN for Internal (Software) Token: I insert the password and > > [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't > find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config > (Netscape Portable Runtime error -8174 - security library: bad database.) > [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization: > Unable to retrieve private key for cert server-cert of family > cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - > security library: bad database.) > [24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid > > Please, note that I have my new admin-serv-hostname-cert8.db, > slapd-hostname-cert8.db and so on and a valid CA certificate. cd /opt/fedora-ds/alias ../shared/bin/certutil -P slapd-hostname- -d . -L ../shared/bin/certutil -P slapd-hostname- -d . -L -n server-cert ../shared/bin/certutil -P slapd-hostname- -d . -L -n Server-Cert > > > Thanks in advance, > marco > > >> Fedora-directory-users mailing list > >> Fedora-directory-users at redhat.com > >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060824/a0356114/attachment.bin
