FDS User wrote:
> Tried all combinations for the url with and without https and with the
> right port #:
>
> IP address
> ldap.test.com
> ldap
>
> Still no luck.
>
> adminserv error log:
> [Thu May 10 13:19:36 2007] [warn] NSSProtocols not set; using: SSLv3
> and TLSv1
> [Thu May 10 13:19:36 2007] [notice] Access Host filter is: *.test.com
> [Thu May 10 13:19:36 2007] [notice] Access Address filter is: *
> [Thu May 10 13:19:37 2007] [warn] NSSProtocols not set; using: SSLv3
> and TLSv1
> [Thu May 10 13:19:37 2007] [notice] Access Host filter is: *.test.com
> [Thu May 10 13:19:37 2007] [notice] Access Address filter is: *
> [Thu May 10 13:19:37 2007] [notice] Apache/2.2.4 (Unix) mod_nss/2.2.3
> NSS/3.11.3 configured -- resuming normal operations
> [Thu May 10 13:38:18 2007] [notice] caught SIGTERM, shutting down
> [Thu May 10 13:39:10 2007] [warn] NSSProtocols not set; using: SSLv3
> and TLSv1
> [Thu May 10 13:39:10 2007] [notice] Access Host filter is: *.test.com
> [Thu May 10 13:39:10 2007] [notice] Access Address filter is: *
> [Thu May 10 13:39:11 2007] [warn] NSSProtocols not set; using: SSLv3
> and TLSv1
> [Thu May 10 13:39:11 2007] [notice] Access Host filter is: *.test.com
> [Thu May 10 13:39:11 2007] [notice] Access Address filter is: *
> [Thu May 10 13:39:11 2007] [notice] Apache/2.2.4 (Unix) mod_nss/2.2.3
> NSS/3.11.3 configured -- resuming normal operations
> [Thu May 10 13:40:10 2007] [error] SSL Library Error: -12271 SSL
> client cannot verify your certificate

cd /opt/fedora-ds/alias
../shared/bin/certutil -L -d . -P admin-serv-ldap-

Do you have a CA certificate in that list?

>
> Thanks.
>
>
> Richard Megginson wrote:
>> FDS User wrote:
>>> I tried changing the permission for local.conf and restarted both
>>> admin and dir server. That didn't solve the issue.
>>> Attached is the error I get when the login fails.
>> For the console login dialog, for the admin url field, did you use
>> https://host:port/ ?
>> tail admin-serv/logs/error
>>>
>>> Thanks.
>>>
>>> Richard Megginson wrote:
>>>> FDS User wrote:
>>>>> Below is the ls and grep output.
>>>>>
>>>>> [root@ldap slapd-ldap]# ls -al /opt/fedora-ds/alias
>>>>> <snip> looks ok
>>>>>
>>>>>
>>>>> [root@ldap slapd-ldap]# ls -al /opt/fedora-ds/admin-serv/config
>>>>> total 84
>>>>> drwxr-xr-x 2 nobody nobody 4096 May 9 10:31 .
>>>>> drwxr-xr-x 8 root root 4096 May 9 10:32 ..
>>>>> -rw------- 1 nobody nobody 544 May 10 13:17 adm.conf
>>>>> -rw------- 1 nobody nobody 39 May 7 18:28 admpw
>>>>> -rw------- 1 root root 4598 May 7 18:28 admserv.conf
>>>>> -rw------- 1 nobody nobody 3702 May 10 13:17 console.conf
>>>>> -rw------- 1 root root 26784 May 7 18:28 httpd.conf
>>>>> -rw-r--r-- 1 root root 19233 May 7 18:28 local.conf
>>>> This is the likely culprit. Shut down the admin server, then chown
>>>> nobody:nobody local.conf, then restart.
>>>>> -r-------- 1 nobody nobody 4604 May 7 18:29 nss.conf
>>>>>
>>>>>
>>>>> [root@ldap slapd-ldap]# grep NSS
>>>>> /opt/fedora-ds/admin-serv/config/console.conf
>>>>> NSSEngine on
>>>>> NSSNickname server-cert
>>>>> # The NSS security database directory that holds the
>>>>> certificates and
>>>>> NSSCertificateDatabase /opt/fedora-ds/alias
>>>>> NSSDBPrefix admin-serv-ldap-
>>>>> NSSCipherSuite
>>>>> +des,+rc2export,+rc4export,+desede3,+rc4,+rc2,+rsa_rc2_40_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+rsa_rc4_40_md5,+fips_des_sha,+fips_3des_sha,+rsa_des_sha,-rsa_null_md5
>>>>>
>>>>> NSSVerifyClient none
>>>>>
>>>>>
>>>>>
>>>>> Richard Megginson wrote:
>>>>>>
>>>>>>
>>>>>> FDS User wrote:
>>>>>>> Hi,
>>>>>>> I am getting "PSET failure: PSET attribute creation or local
>>>>>>> cache update failed" when I try to enable SSL for admin server
>>>>>>> using the encryption tab.
>>>>>>> I have used it in the past without issues and now for some
>>>>>>> reason I get this error after doing a re-install of fds.
>>>>>>> I used the SSL script from the fds site to generate the certs.
>>>>>>>
>>>>>>> Admin server log has this error:
>>>>>>> [error] SSL Library Error: -12271 SSL client cannot verify your
>>>>>>> certificate
>>>>>>>
>>>>>>> Any help is highly appreciated.
>>>>>> ls -al /opt/fedora-ds/alias
>>>>>> ls -al /opt/fedora-ds/admin-serv/config
>>>>>>
>>>>>> grep NSS /opt/fedora-ds/admin-serv/config/console.conf
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Fedora-directory-users mailing list
>>>>>>> Fedora-directory-users at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
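
Added example (not part of the original messages and not code from the Fedora DS project): a small shell filter for the question asked at the top of the thread, whether the certutil -L listing contains a CA certificate. The sample listing and the nickname "Example CA" are constructed; reading C or T in the first trust field as "trusted CA" is standard certutil behaviour, not something stated in the thread.

```shell
#!/bin/sh
# Added example: find trusted CA entries in `certutil -L` output.
# Real input would come from the command quoted in the thread:
#   cd /opt/fedora-ds/alias
#   ../shared/bin/certutil -L -d . -P admin-serv-ldap- | list_trusted_cas

# Constructed sample listing (not output from the poster's system).
# "Example CA" is a made-up nickname; "server-cert" is the NSSNickname
# shown in console.conf.
sample_listing() {
    cat <<'EOF'
Example CA                                                   CT,,
server-cert                                                  u,u,u
EOF
}

# Print the nickname of every entry whose SSL trust field (the first of
# the three comma-separated fields) contains C or T, i.e. a CA trusted
# to issue server or client certificates.
list_trusted_cas() {
    awk '
    {
        trust = $NF
        # Skip blank lines and headers: keep lines ending in a trust triple.
        if (trust !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) next
        split(trust, field, ",")
        if (field[1] ~ /[CT]/) {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
            sub(/^[ \t]+/, "", nick)                # drop leading blanks
            print nick
        }
    }'
}

# Exit status 0 if the listing on stdin has at least one trusted CA.
has_trusted_ca() {
    [ -n "$(list_trusted_cas)" ]
}

if sample_listing | has_trusted_ca; then
    echo "trusted CA present: $(sample_listing | list_trusted_cas)"
else
    echo "no trusted CA in the database"
fi
```

A listing that shows only server-cert with u,u,u makes has_trusted_ca return non-zero, which is the case the certutil question in the reply is probing for.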