Replication over SSL withsimpleauthentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I actually set "nsslapd-ssl-check-hostname" to "off" in the cn=config
object!

-Reinhard

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Dennis
De Marco
Sent: Wednesday, June 20, 2007 1:05 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Replication over SSL
withsimpleauthentication

I've had this issue using subjectAltName in my certificates to load
balance behind a VIP.

I turned off the checkbox 'verify hostname in SSL certificate on
outgoing connections' 

I am not sure why this is happening, but I do not have any other
certificate problems with ldapsearch, nor authentication.

- Dennis


On Fri, 2007-06-15 at 14:47 -0400, Reinhard Nappert wrote:
> Hi,
> 
> I SSL-enabled two Directory Servers and I can access them over LDAPS 
> using ldapsearch and other clients. I enabled both servers with the 
> steps from the setupssl script. However, when I to set replication up,

> I get:
> 
> [15/Jun/2007:13:32:56 -0400] conn=6057  op=-1 fd=69 closed - SSL peer 
> cannot verify your certificate.
> 
> I did import the CA cert (self-signed)  to the other server, both 
> ways, since I want to have multi-mastering.
> 
> By the way, I checked the serial numbers of the certs and they are not

> identical.
> 
> Does anyone have an idea why the replication fails.
> 
> Thanks,
> -Reinhard
> 
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and is
protected by law.  If you are not the intended recipient, you should
delete this message.  Any disclosure, copying, or distribution of this
message, or the taking of any action based on it, is strictly
prohibited.


--
Fedora-directory-users mailing list
Fedora-directory-users at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux