Susan wrote: >--- Alex aka Magobin <magobin at gmail.com> wrote: > > > >>On gio, 2006-03-23 at 08:43 -0800, Susan wrote: >> >> >>>This is what I did to get ssl repl working: >>> >>>1. generate a single CA certificate and use that to sign both the supplier and consumer >>>certificates. Each server doesn't need its own CA. >>> >>>on the consumer: >>> >>> >>> >> >>Thank you Susan for your reply...two question 4 you if possible: >> >>1) This procedure..similar to (Chapter 8 in Administration Guide)...but >>you have to create cert db before >> >> > >yes, cert db must exist, for a cert to be exported out of it :) > > > > >>2) To make secure replication...I have to enable ssl on DS...in this >>case...is still possible to query LDAP on port 389 ?? >> >> > >yes. One way to disable it is to set the ldap port to 0, FDS will then say on startup that non >secure access has been disabled, proceeding. That will break the console access, however. I >haven't been able to turn off non-ssl access AND still be able to use the console. > > You can configure Console to talk LDAPS. I was just able to disable the standard LDAP port on my FDS 1.0.2 install and still use Console. You need to check the "Use SSL in Fedora Console" checkbox in the "Configuration" tab of the Directory Server Console. -NGK >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060324/63d11dae/attachment.bin
