Glenn wrote: > So I'm just about to finish getting Windows Sync working between RH Directory > Server 7.1SP3 and Active Directory. The latest error message in the passsync > log says "insufficient access", so I create an ACI that gives the replication > manager access to everything, just to see if it will work. Nope. So I > think, maybe I have to restart the Directory Server. And then it fails to > restart, logging the error message: > > SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert > server-cert of family cn=RSA,cn=encryption,cn=cconfig (Netscape Portable > Runtime error -8181 - Peer's Certificate has expired.) > Is it possible it is complaining about the CA cert? > Yeah, right. Here's a copy of the certificate: > > [root at ourserver alias]# ./certutil -L -d ./ -n server-cert > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 16:43:78:57:00:00:00:00:00:0e > Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption > Issuer: > "CN=OURCA,DC=ad,DC=ourshop,DC=edu" > Validity: > Not Before: Tue Nov 14 22:50:17 2006 > Not After : Thu Nov 13 22:50:17 2008 > ... > > Now, I'll grant you that this little synchronization exercise FEELS like it > has gone on for more than two years, but according to the certificate, it has > taken barely two months so far, leaving the certificate good for another 22 > months. Once again, the SSL error message seems to have little to do with > reality. > > I just restarted the server three hours earlier, and it worked fine then. > Can anyone suggest what I might try now? Thanks. -Glenn. > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070116/1fb7656e/attachment.bin
