FDS User wrote: > Below is the ls and grep output. > > [root at ldap slapd-ldap]# ls -al /opt/fedora-ds/alias > <snip> looks ok > > > [root at ldap slapd-ldap]# ls -al /opt/fedora-ds/admin-serv/config > total 84 > drwxr-xr-x 2 nobody nobody 4096 May 9 10:31 . > drwxr-xr-x 8 root root 4096 May 9 10:32 .. > -rw------- 1 nobody nobody 544 May 10 13:17 adm.conf > -rw------- 1 nobody nobody 39 May 7 18:28 admpw > -rw------- 1 root root 4598 May 7 18:28 admserv.conf > -rw------- 1 nobody nobody 3702 May 10 13:17 console.conf > -rw------- 1 root root 26784 May 7 18:28 httpd.conf > -rw-r--r-- 1 root root 19233 May 7 18:28 local.conf This is the likely culprit. Shut down the admin server, then chown nobody:nobody local.conf, then restart. > -r-------- 1 nobody nobody 4604 May 7 18:29 nss.conf > > > [root at ldap slapd-ldap]# grep NSS > /opt/fedora-ds/admin-serv/config/console.conf > NSSEngine on > NSSNickname server-cert > # The NSS security database directory that holds the certificates and > NSSCertificateDatabase /opt/fedora-ds/alias > NSSDBPrefix admin-serv-ldap- > NSSCipherSuite > +des,+rc2export,+rc4export,+desede3,+rc4,+rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5 > NSSVerifyClient none > > > > Richard Megginson wrote: >> >> >> FDS User wrote: >>> Hi, >>> I am getting "PSET failure: PSET attribute creation or local cache >>> update failed" when I try to enable SSL for admin server using the >>> encryption tab. >>> I have used it in the past without issues and now for some reason I >>> get this error after doing a re-install of fds. >>> I used the SSL script from the fds site to generate the certs. >>> >>> Admin server log has this error: >>> [error] SSL Library Error: -12271 SSL client cannot verify your >>> certificate >>> >>> Any help is highly appreciated. >> ls -al /opt/fedora-ds/alias >> ls -al /opt/fedora-ds/admin-serv/config >> >> grep NSS /opt/fedora-ds/admin-serv/config/console.conf >>> >>> Thanks. >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070510/91438ee2/attachment.bin