Dellwo, Martin J. [NCSUS] wrote: > > Hello, > > How can one start up Fedora directory (1.02) server instances when one > is using SSL? Can it be configured to read the security database > password from a file? I believe it may have given me the option > initially and I did not take advantage of it, so I am particularly > wondering how to set up automatic startup (with no password prompt) > after it is already set up to prompt. > Have you seen this? http://directory.fedora.redhat.com/wiki/Howto:SSL > > Right now, I have slapd running with SSL turned on, but could not > restart the admin server after turning it on. I was able to edit two > admin server configuration files to turn it back off for the admin > server, so now I can start it without SSL. Any pointers to detailed > documentation for using SSL with admin server? > http://www.redhat.com/docs/manuals/dir-server/pdf/console71.pdf - chapter 7 > > I also now have a new problem where I cannot open the 'Manage > Certificates' task for the directory server (slapd) instance itself. > In the admin server http logs I get this error > > [Thu Jun 22 11:56:06 2006] [notice] [client 10.24.224.137] > admserv_host_ip_check: ap_get_remote_host could not resolve > xxx.xxx.xxx.xxx > I think this error is benign, especially if you can connect to the admin server via a web browser. > > Even though xxx.xxx.xxx.xxx is the IP address of the local server > (both where slapd is running and where I am running the console from). > It is properly defined in both the local /etc/hosts and in DNS. At > the same time, the console gives a pop-up error, > "org.mozilla.ssl.SSLSocketException: SSL_ForceHandshake failed: > (-5938) Encountered end of file." > > Since I think this could be related to an out-of-date certificate CRL, > how can one import new CRLs using command line tools? > There is an NSS command line tool called crlutil which is unfortunately not included with fedora ds. You can find it here - ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/ - just make sure you set your LD_LIBRARY_PATH to /opt/fedora-ds/shared/lib before you run crlutil. > > Thanks, > Marty > > *--* > *Martin J. Dellwo* > /NCS Pharma R&D (Exton)/ > /NCS, a Johnson & Johnson Company/ > /mdellwo at ncsus.jnj.com/ > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060622/b5bcff7f/attachment.bin
