I was attempting to follow... http://directory.fedoraproject.org/wiki/Howto:SSL

I first ran the script http://directory.fedoraproject.org/download/setupssl2.sh

After completing, fds would not start. I rein I eventually ended up reading the script and running every operation step by step. That was quite an ordeal. All the steps ran however no errors.

[root at ldapslave1 slapd-ldapslave1]# /etc/init.d/dirsrv start
Starting dirsrv:
    ldapslave1...Warning: Incorrect PIN may result in disabling the token
Enter PIN for Internal (Software) Token:

I replaced the data inside pin.txt with:

Internal (Software) Token:dirserv_cert_password

But I am still getting the same message. Is this just a bogus message? The problem could be elsewhere?

Thanks in advance.

(ps -ef ; w) | sha1sum > /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
(w ; ps -ef ; date ) | sha1sum | awk '{print $1}' > /etc/dirsrv/slapd-ldapslave1/noise.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/noise.txt
certutil -N -P new- -d /etc/dirsrv/slapd-ldapslave1 -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/key3.db
chown fds:fds /etc/dirsrv/slapd-ldapslave1/cert8.db
chmod 600 /etc/dirsrv/slapd-ldapslave1/key3.db
chmod 600 /etc/dirsrv/slapd-ldapslave1/cert8.db
certutil -G -P new- -d /etc/dirsrv/slapd-ldapslave1 -z /etc/dirsrv/slapd-ldapslave1/noise.txt -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -S -P new- /etc/dirsrv/slapd-ldapslave1/ -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d /etc/dirsrv/slapd-ldapslave1 -z /etc/dirsrv/slapd-ldapslave1/noise.txt -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -L -P new- -d /etc/dirsrv/slapd-ldapslave1 -n "CA certificate" -a > /etc/dirsrv/slapd-ldapslave1/cacert.asc
pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o /etc/dirsrv/slapd-ldapslave1/cacert.p12 -n "CA certificate" -w /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -S -P new- -n "Server-Cert" -s "cn=ldapslave1.ops.ec.com,ou=Fedora Directory Server" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d /etc/dirsrv/slapd-ldapslave1/ -z /etc/dirsrv/slapd-ldapslave1/noise.txt -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -S -P new- -n "server-cert" -s "cn=ldapslave1.ops.ec.com,ou=Fedora Administration Server" -c "CA certificate" -t "u,u,u" -m 1002 -v 120 -d /etc/dirsrv/slapd-ldapslave1/ -z /etc/dirsrv/slapd-ldapslave1/noise.txt -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o /etc/dirsrv/slapd-ldapslave1/adminserver.p12 -n server-cert -w /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/adminserver.p12
chmod 400 /etc/dirsrv/slapd-ldapslave1/adminserver.p12
cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt > /etc/dirsrv/slapd-ldapslave1/pin.txt
chmod 400 /etc/dirsrv/slapd-ldapslave1/pin.txt
mv /etc/dirsrv/slapd-ldapslave1/cert8.db /etc/dirsrv/slapd-ldapslave1/orig-cert8.db
mv /etc/dirsrv/slapd-ldapslave1/key3.db /etc/dirsrv/slapd-ldapslave1/orig-key3.db
certutil -N -d /etc/dirsrv/slapd-ldapslave1 -P admin-serv- -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db
[root at ldapslave1 tmp]# chmod 600 /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db
pk12util -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n server-cert -i /etc/dirsrv/slapd-ldapslave1/adminserver.p12 -w /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -A -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n "CA certificate" -t "CT,," -a -i /etc/dirsrv/slapd-ldapslave1/cacert.asc
cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt > /etc/dirsrv/slapd-ldapslave1/password.conf
chmod 400 /etc/dirsrv/slapd-ldapslave1/password.conf
chown fds:fds /etc/dirsrv/slapd-ldapslave1/password.conf
sed -e "s@^NSSPassPhrasDialog .*@NSSPassPhraseDialog file:/etc/dirsrv/slapd-ldapslave1/password/conf
mv /etc/dirsrv/slapd-ldapslave1/new-key3.db /etc/dirsrv/slapd-ldapslave1/key3.db
mv /etc/dirsrv/slapd-ldapslave1/new-cert8.db /etc/dirsrv/slapd-ldapslave1/cert8.db
ldapmodify -x -h localhost -p 389 -D "cn=directory manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
+tls_rsa_export1024_with_des_cbc_sha

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on
EOF

[root at ldapslave1 slapd-ldapslave1]# /etc/init.d/dirsrv start
Starting dirsrv:
    ldapslave1...Warning: Incorrect PIN may result in disabling the token
Enter PIN for Internal (Software) Token:

Any hints thanks!
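
Added example, not part of the original post or of setupssl2.sh: a check of the three pin-file properties the listing above touches, namely the "Internal (Software) Token:" entry format, the file owner, and the mode. The listing chowns the databases and password.conf to fds but shows only a chmod 400 for pin.txt. The helper name check_pin_file is hypothetical, and the expected owner fds is an assumption taken from the chown commands in the post.

```shell
#!/bin/sh
# Added example: sanity-check a Directory Server pin file.
# check_pin_file is a hypothetical helper, not part of setupssl2.sh.
# Usage: check_pin_file PIN_FILE EXPECTED_OWNER
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_pin_file() {
    pin_file=$1
    want_owner=$2
    rc=0

    if [ ! -f "$pin_file" ]; then
        echo "missing: $pin_file"
        return 1
    fi

    # The entry must start with the token name shown in the start-up
    # prompt, followed by a non-empty password. In a basic regex the
    # parentheses are literal.
    if ! grep -q '^Internal (Software) Token:.' "$pin_file"; then
        echo "format: no 'Internal (Software) Token:<password>' line"
        rc=1
    fi

    # A root-owned mode-400 file cannot be read by a non-root server account.
    owner=$(ls -ld "$pin_file" | awk '{print $3}')
    if [ "$owner" != "$want_owner" ]; then
        echo "owner: $owner (expected $want_owner)"
        rc=1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$pin_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "mode: group/other bits set ($perms)"
        rc=1
    fi
    return $rc
}

# Constructed sample: a pin file holding raw sha1sum output, mode 644.
demo=$(mktemp -d)
printf '%s\n' 'da39a3ee5e6b4b0d3255bfef95601890afd80709  -' > "$demo/pin.txt"
chmod 644 "$demo/pin.txt"
check_pin_file "$demo/pin.txt" fds || true
rm -rf "$demo"
```
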