Graham Leggett wrote: > Richard Megginson wrote: > >>> It appears when an attempt is made to select "manage certificates", >>> and a number of other places. >> I think this means it's trying to talk SSL. It could be attempting >> to open an https connection to the admin server which is only >> listening to http. You could try starting the console using >> startconsole -D 9 > file 2>&1 >> to capture the detailed debug log to file. This should give us more >> information about what it's doing when it gets that exception. > > Using tcplow to sniff the admin console port, the admin server is > definitely trying to talk ssl. > > Is there a method of telling the admin server _not_ to use SSL? I have > searched high and low inside the directory, and all the config I can > find has the admin server defined with SSL disabled. > > Alternatively, is there a way to switch SSL on on the admin server > without using the console? 1) edit admin-serv/config/console.conf and change NSSEngine from "on" to "off" 2) find the cn=configuration entry for the admin server: ldapsearch -x -D "cn=directory manager" -w password -s sub -b o=netscaperoot "nsserversecurity=on" 3) If this returns the config entry for the admin server, use ldapmodify to turn security off: ldapmodify -x -D "cn=directory manager" -w password dn: dn returned above changetype: modify replace: nsServerSecurity nsServerSecurity: off 4) restart admin server - restart-admin This should cause admin server to use http instead of https. > > Regards, > Graham > -- > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20061106/9e2c7745/attachment.bin
