Jeff Gamsby
Center for X-Ray Optics
Lawrence Berkeley National Laboratory
(510) 486-7783

Richard Megginson wrote:
> Jeff Gamsby wrote:
>> I am trying to get FDS 1.0.2 working in SSL mode. I am using a
>> OpenSSL CA, I have installed the Server Cert and the CA Cert, can
>> start FDS in SSL mode, but when I run
>> ldapsearch -x -ZZ I get TLS trace: SSL3 alert write:fatal:unknown CA.
> Did you follow this - http://directory.fedora.redhat.com/wiki/Howto:SSL

I did, but that didn't work for me. The only thing that I did this time was generate a request from the "Manage Certificates", sign the request using my OpenSSL CA, and install the Server and CA Certs. Then I turned on SSL in the Admin console, and restarted the server.

When I followed the instructions from the link, I couldn't even get FDS to start in SSL mode.

>>
>> In /etc/ldap.conf, I have put in
>> TLS_CACERT /path/to/cert
> Is this the same /path/to/cacert.pem as below?

Yes

>> TLSREQCERT allow
>> ssl on
>> ssl start_tls
>>
>> If I run
>> openssl s_client -connect localhost:636 -showcerts -state -CAfile
>> /path/to/cacert.pem
>>
>> It looks OK
>>
>> Please help
>>
>> Thanks
>>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>