Andreas Kekkou wrote: > Hi Richard, > > Nothing has changed. Executing the command you have suggested on both > servers I get the same output: > > [root at serverA alias]# ../shared/bin/certutil -L -P slapd-serverA- -d . > serverA-cert u,u,u > Computer Science Department CA CT,, > > [root at serverB alias]# ../shared/bin/certutil -L -P slapd-serverB- -d . > serverB-cert u,u,u > Computer Science Department CA CT,, > > Is there anything else I have to check? grep -i personality /opt/fedora-ds/slapd-instancename/config/dse.ldif The personality name should match with the server cert name in your certdb. > > Cheers. > > Andreas > > Richard Megginson wrote: >> Andreas Kekkou wrote: >>> Hi all, >>> >>> I'm running FDS in multi-master mode with two servers. Both servers >>> are configured with TLS support. One of the servers logs the >>> following error: >>> >>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to >>> unwrap key for cipher AES >>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES >>> in attrcrypt_cipher_init >>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in >>> attrcrypt_init >>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to >>> unwrap key for cipher AES >>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher AES >>> in attrcrypt_cipher_init >>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in >>> attrcrypt_init >>> [25/Oct/2007:08:50:57 +0300] - slapd started. Listening on All >>> Interfaces port 389 for LDAP requests >>> [25/Oct/2007:08:50:57 +0300] - Listening on All Interfaces port 636 >>> for LDAPS requests >>> >>> Both servers seems to work just fine. Any ideas how this can be >>> resolved? >> Has your SSL/TLS configuration changed at all? Have you acquired a >> new cert or renewed an existing cert? >> cd /opt/fedora-ds/alias >> ../shared/bin/certutil -L -P slapd-instance- -d . >>> >>> Thanks, >>> >>> Andreas >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20071026/51347686/attachment.bin
