The SSL client (in this case, the replication supplier) still needs to verify the SSL server (in this case, the replication consumer) certificate in order for SSL to work. It should be sufficient for the supplier to have the certificate of the CA that issued the consumer's certificate in its cert db.

Susan wrote:

>Hi, all. Trying to set up replication over SSL, without certificates. In the UI, I said "Simple
>Authentication.", gave it the bind dn & password. (The name/pass pair works fine if non-SSL
>replication is used.)
>
>Anyway, in the consumer log, I see this:
>
>[18/Jan/2006:11:50:56 -0500] conn=66 fd=72 slot=72 SSL connection from 129.85.70.110 to
>129.85.86.65
>[18/Jan/2006:11:50:56 -0500] conn=66 op=-1 fd=72 closed - SSL peer cannot verify your certificate.
>
>What's the deal? Why is it trying to verify certs???
>
>On the supplier, I see this:
>
>[18/Jan/2006:11:44:47 -0500] NSMMReplicationPlugin - agmt="cn=main" (cnjldap01:636): Simple bind
>failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape Portable Runtime error -8054
>(unknown)
>
>How come it failed??
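The consumer log quoted above shows the connection closing during the SSL handshake, before any BIND was logged, so the bind DN and password were never evaluated. The following triage script is an added example, not code from either poster or from the Directory Server project; it flags such connections in an access log. It assumes that `op=-1` on a close line marks a connection-level event, and the `conn=67` lines and the function name are constructed for contrast.

```python
import re

# The conn=66 lines are the consumer access-log lines quoted in the post
# (the wrapped first line is rejoined). The conn=67 lines are constructed
# here as a healthy contrast case.
SAMPLE_LOG = """\
[18/Jan/2006:11:50:56 -0500] conn=66 fd=72 slot=72 SSL connection from 129.85.70.110 to 129.85.86.65
[18/Jan/2006:11:50:56 -0500] conn=66 op=-1 fd=72 closed - SSL peer cannot verify your certificate.
[18/Jan/2006:11:52:10 -0500] conn=67 fd=73 slot=73 SSL connection from 192.0.2.10 to 129.85.86.65
[18/Jan/2006:11:52:10 -0500] conn=67 op=0 BIND dn="cn=example,cn=config" method=128 version=3
[18/Jan/2006:11:52:10 -0500] conn=67 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[18/Jan/2006:11:52:11 -0500] conn=67 op=1 fd=73 closed - U1
"""

OPEN = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) fd=\d+ slot=\d+ "
                  r"(?P<ssl>SSL )?connection from (?P<src>\S+) to \S+")
EVENT = re.compile(r"^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<rest>.*)$")
CLOSED = re.compile(r"^fd=\d+ closed - (?P<reason>.*)$")


def tls_failures_before_bind(log_text):
    """Return SSL connections that closed before any LDAP operation ran."""
    open_conns = {}
    findings = []
    for line in log_text.splitlines():
        m = OPEN.match(line)
        if m:
            open_conns[m["conn"]] = {"src": m["src"], "ssl": bool(m["ssl"]), "ops": 0}
            continue
        m = EVENT.match(line)
        if not m or m["conn"] not in open_conns:
            continue
        state = open_conns[m["conn"]]
        closed = CLOSED.match(m["rest"])
        if not closed:
            state["ops"] += 1  # BIND, RESULT, SRCH ...: an LDAP operation was logged
            continue
        # Assumption: op=-1 on a close line marks a connection-level event.
        if state["ssl"] and state["ops"] == 0 and int(m["op"]) == -1:
            findings.append({"conn": int(m["conn"]), "src": state["src"],
                             "reason": closed["reason"]})
        del open_conns[m["conn"]]
    return findings


if __name__ == "__main__":
    for f in tls_failures_before_bind(SAMPLE_LOG):
        print(f"conn={f['conn']} from {f['src']}: TLS ended before BIND: {f['reason']}")
```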