Alex wrote:
>
>>> of course!
>>>
>>> each server will have its own certificate. OK, you have
>>> servers A & B.
>>>
>
> Answer to richard too...
>
> Ok, I tried..on my virtual....I run all command as you know..both in nodo1
> and nodo2...
> Now..both have ssl enabled....but if I try to import CA certificate from
> nodo1 to nodo2 :
>
> ../shared/bin/certutil -A -d . -P slapd-nodo2- -n "CA certificate" -t "CT,," -a -i cacert.asc
>
> It says:
>
> Certutil-bin: could not obtain certificate from file: You are attempting to
> import a cert with the same issuer/serial as an existing cert, but that is
> not the same cert
>

The problem with using the script is that, if you run it from a completely
clean install, it will create a brand new CA cert. I think the script may be
able to detect if you already have a CA cert.

> Plus...as suggested from Susan I ran /usr/bin/ldapsearch -ZZ -h nodo1....
> And it reports:
>
> Ldap_start_tls: Connect error (-11)
>         additional info: Start TLS request accepted.Server willing
> to negotiate SSL.
>
> Alex
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
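
The collision described in this message can be reproduced and checked for with openssl. This is an added example, not part of the original message or of the Fedora Directory Server setup script; the subject name, serial number and file names are constructed assumptions.

```shell
#!/bin/sh
# Constructed demo: two independently generated CAs that share a subject DN
# and serial number, as happens when the same setup script runs from a clean
# install on two nodes. DN, serial and file names are assumptions.

make_ca() {  # $1 = output prefix; writes $1.key and $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=CAcert" -set_serial 1000 \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issuer_serial() {  # the issuer/serial pair named in the certutil error
    openssl x509 -in "$1" -noout -issuer -serial
}

fingerprint() {  # SHA-256 over the whole certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Classify an already installed CA cert ($1) against one to import ($2).
# Prints: identical | collision | distinct
compare_ca() {
    fp1=$(fingerprint "$1") && fp2=$(fingerprint "$2") || return 1
    if [ "$fp1" = "$fp2" ]; then
        echo identical   # same cert; nothing new to import
    elif [ "$(issuer_serial "$1")" = "$(issuer_serial "$2")" ]; then
        echo collision   # same issuer/serial but a different key
    else
        echo distinct    # unrelated CA
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/nodo1-ca" && make_ca "$dir/nodo2-ca" &&
        compare_ca "$dir/nodo1-ca.pem" "$dir/nodo2-ca.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

A `collision` result means both nodes generated their own CA; a cert signed by one will not chain to the other's CA, so one CA has to be chosen and its cert and the server certs issued from it used on both nodes.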