On Friday 12 September 2008 08:44, steve nguyen wrote:
> Hi everybody,
>
> If you remember me, I've got some problems with SSL in my sync agreement:
>
> https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00000.html
> https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00024.html
>
> I think I have found what's wrong in my SSL setup.
> I tried this command to verify if SSL is enabled in FDS:
> ldapsearch -x -ZZ '(uid=testuser)'
> I checked the access log, and I've got this message:
> EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> RESULT err=0 tag=120 nentries=0 etime=0DISCONNECT fd=67 closed - Peer does
> not recognize and trust the CA that issued your certific...
>
> As I said before, I set up SSL using the second script from the FDS wiki
> page. So my question is what can I do now:
> - Can I fix this?
> - Should I do a full setup of SSL?
>
> Thanks

I've been working on an all-in-one SSL management Perl script for FDS. It's been working over here, but I'm sure there are some quirks in it.

Make sure you edit /etc/fdstools/ssl.conf to point to your correct SEC_DIR and INSTANCE values. Then just move out your old $SEC_DIR/cert8.db, key3.db and secmod.db files to some backup directory and run fdssl.pl -h or -e for examples on how to use it.

Let me know how it works for you.

Ryan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fdstools.tar.bz2
Type: application/x-tbz
Size: 16092 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080912/afac188e/attachment.bin