This is what I did to get ssl repl working:

1. Generate a single CA certificate and use that to sign both the supplier and consumer certificates. Each server doesn't need its own CA.

On the consumer:

[root@cnjldap01 alias]# ../shared/bin/certutil -L -d . -n "NJ CA certificate" -a > cnjldap01.cert.asc

#send to supplier:
scp cnjldap01.cert.asc root@cnyldap01:/opt/fedora-ds/alias/

#import it into the supplier's cert db:
[root@cnyldap01 /]# ../shared/bin/certutil -A -d . -P slapd-cnyldap01- -n "NJ CA certificate" -t "CT,," -a -i cnjldap01.cert.asc

That's it.

--- Richard Megginson <rmeggins at redhat.com> wrote:

> Alex aka Magobin wrote:
> > hi,
> > I used Replication HOWTO to make a replica with 2 servers; after that I
> > saw that replication was without encryption, so I made my own CA
> > Authority and I made two certificates for both servers...I made the request
> > from Fedora Console and then I installed it from the same console.
> >
> > Testing on the second server, I tried to restart slapd, but when I tried the
> > server asks correctly for the PIN for Internal Software Token, but then it says:
> >
> > 22/Mar/2006:11:20:39 +0100] - SSL alert: CERT_VerifyCertificateNow:
> > verify certificate failed for cert nodo2-cert of family
> > cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 -
> > Peer's Certificate issuer is not recognized.)
> > [22/Mar/2006:11:20:39 +0100] - SSL failure: None of the cipher are valid
> >
> > ...what does it mean?...maybe that I have made some mistakes about ssl?
> > ...how can I resolve this problem?
> > ...is it possible to come back??
> >
> I think you may need to add the CA cert to the cert db for nodo2
> >
> > thanks in advance
> >
> > Alex
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
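
A check for the import step described in the reply, as an added example that is not part of the original thread: it parses `certutil -L` output and confirms the CA nickname carries the C and T SSL trust flags that `-t "CT,,"` sets. The listing is a constructed sample, and the function names `ssl_trust` and `ca_trusted_for_ssl` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample of `certutil -L -d . -P slapd-cnyldap01-` output.
SAMPLE_LISTING='Certificate Nickname                        Trust Attributes
                                            SSL,S/MIME,JAR/XPI

NJ CA certificate                           CT,,
server-cert                                 u,u,u
Old CA                                      ,,'

# ssl_trust LISTING NICKNAME
# Prints the SSL field of the trust attributes; exit status 1 if the
# nickname is not in the listing. Nicknames may contain spaces, so the
# trust column is taken as the last whitespace-separated field.
ssl_trust() {
    printf '%s\n' "$1" | awk -v nick="$2" '
        NF >= 2 {
            trust = $NF
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the trust column
            sub(/^[ \t]+/, "", name)                # drop leading blanks
            if (name == nick && split(trust, f, ",") == 3) {
                print f[1]; found = 1; exit
            }
        }
        END { exit found ? 0 : 1 }'
}

# ca_trusted_for_ssl LISTING NICKNAME
# 0 = CA is trusted to issue server (C) and client (T) certificates
# 1 = nickname is present but lacks C or T in the SSL field
# 2 = nickname is not in the cert db (the "issuer is not recognized" case)
ca_trusted_for_ssl() {
    flags=$(ssl_trust "$1" "$2") || return 2
    case $flags in *C*) ;; *) return 1 ;; esac
    case $flags in *T*) ;; *) return 1 ;; esac
    return 0
}

# Against a live cert db (directory and prefix as used in the thread):
#   ca_trusted_for_ssl "$(certutil -L -d . -P slapd-cnyldap01-)" "NJ CA certificate"
```

A return value of 2 on either server means the CA certificate still has to be imported there with `certutil -A`.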