Unable to configure admin server with SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tried all combinations for the url with and without https and with the 
right port #:

IP address
ldap.test.com
ldap

Still no luck.

adminserv error log:
[Thu May 10 13:19:36 2007] [warn] NSSProtocols not set; using: SSLv3 and 
TLSv1
[Thu May 10 13:19:36 2007] [notice] Access Host filter is: *.test.com
[Thu May 10 13:19:36 2007] [notice] Access Address filter is: *
[Thu May 10 13:19:37 2007] [warn] NSSProtocols not set; using: SSLv3 and 
TLSv1
[Thu May 10 13:19:37 2007] [notice] Access Host filter is: *.test.com
[Thu May 10 13:19:37 2007] [notice] Access Address filter is: *
[Thu May 10 13:19:37 2007] [notice] Apache/2.2.4 (Unix) mod_nss/2.2.3 
NSS/3.11.3 configured -- resuming normal operations
[Thu May 10 13:38:18 2007] [notice] caught SIGTERM, shutting down
[Thu May 10 13:39:10 2007] [warn] NSSProtocols not set; using: SSLv3 and 
TLSv1
[Thu May 10 13:39:10 2007] [notice] Access Host filter is: *.test.com
[Thu May 10 13:39:10 2007] [notice] Access Address filter is: *
[Thu May 10 13:39:11 2007] [warn] NSSProtocols not set; using: SSLv3 and 
TLSv1
[Thu May 10 13:39:11 2007] [notice] Access Host filter is: *.test.com
[Thu May 10 13:39:11 2007] [notice] Access Address filter is: *
[Thu May 10 13:39:11 2007] [notice] Apache/2.2.4 (Unix) mod_nss/2.2.3 
NSS/3.11.3 configured -- resuming normal operations
[Thu May 10 13:40:10 2007] [error] SSL Library Error: -12271 SSL client 
cannot verify your certificate

Thanks.


Richard Megginson wrote:
> FDS User wrote:
>> I tried changing the permission for local.conf and restarted both 
>> admin and dir server. That didn't solve the issue.
>> Attached is the error I get when the login fails.
> For the console login dialog, for the admin url field, did you use 
> https://host:port/ ?
> tail admin-serv/logs/error
>>
>> Thanks.
>>
>> Richard Megginson wrote:
>>> FDS User wrote:
>>>> Below is the ls and grep output.
>>>>
>>>> [root at ldap slapd-ldap]# ls -al /opt/fedora-ds/alias
>>>> <snip> looks ok
>>>>
>>>>
>>>> [root at ldap slapd-ldap]# ls -al /opt/fedora-ds/admin-serv/config
>>>> total 84
>>>> drwxr-xr-x 2 nobody nobody  4096 May  9 10:31 .
>>>> drwxr-xr-x 8 root   root    4096 May  9 10:32 ..
>>>> -rw------- 1 nobody nobody   544 May 10 13:17 adm.conf
>>>> -rw------- 1 nobody nobody    39 May  7 18:28 admpw
>>>> -rw------- 1 root   root    4598 May  7 18:28 admserv.conf
>>>> -rw------- 1 nobody nobody  3702 May 10 13:17 console.conf
>>>> -rw------- 1 root   root   26784 May  7 18:28 httpd.conf
>>>> -rw-r--r-- 1 root   root   19233 May  7 18:28 local.conf
>>> This is the likely culprit.  Shut down the admin server, then chown 
>>> nobody:nobody local.conf, then restart.
>>>> -r-------- 1 nobody nobody  4604 May  7 18:29 nss.conf
>>>>
>>>>
>>>> [root at ldap slapd-ldap]# grep NSS 
>>>> /opt/fedora-ds/admin-serv/config/console.conf
>>>> NSSEngine on
>>>> NSSNickname server-cert
>>>> #   The NSS security database directory that holds the certificates 
>>>> and
>>>> NSSCertificateDatabase /opt/fedora-ds/alias
>>>> NSSDBPrefix admin-serv-ldap-
>>>> NSSCipherSuite 
>>>> +des,+rc2export,+rc4export,+desede3,+rc4,+rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5 
>>>>
>>>> NSSVerifyClient none
>>>>
>>>>
>>>>
>>>> Richard Megginson wrote:
>>>>>
>>>>>
>>>>> FDS User wrote:
>>>>>> Hi,
>>>>>> I am getting "PSET failure: PSET attribute creation or local 
>>>>>> cache update failed" when I try to enable SSL for admin server 
>>>>>> using the encryption tab.
>>>>>> I have used it in the past without issues and now for some reason 
>>>>>> I get this error after doing a re-install of fds.
>>>>>> I used the SSL script from the fds site to generate the certs.
>>>>>>
>>>>>> Admin server log has this error:
>>>>>> [error] SSL Library Error: -12271 SSL client cannot verify your 
>>>>>> certificate
>>>>>>
>>>>>> Any help is highly appreciated.
>>>>> ls -al /opt/fedora-ds/alias
>>>>> ls -al /opt/fedora-ds/admin-serv/config
>>>>>
>>>>> grep NSS /opt/fedora-ds/admin-serv/config/console.conf
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Fedora-directory-users mailing list
>>>>>> Fedora-directory-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>> ------------------------------------------------------------------------ 
>>>>>
>>>>>
>>>>> -- 
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>>   
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>> -- 
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux