Dumbo Q wrote: > I just installed a new ssl certificate using pk12util. I restarted my > dirsrv, and picked the new cert in the dropdown menu under the > encryption tab. I restarted dirsrv to make it take affect. When I > did this, I found that the root certificate was not in > redhats/openssls ca-bundle. I tried importing the intermediate > certificate, and I think I just made the problem worse. > > right now im getting the following. > SSL alert: CERT_VerifyCertificateNow: verify certificate failed for > cert rhds.example.com - Comodo CA Limited of family > cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 > - Peer's Certificate issuer is not recognized.) > [08/Jul/2009:14:18:04 -0400] - SSL failure: None of the cipher are valid > > > Now my directory is down completely. How can I get it to start up > without SSL so that I can fix the problem? The default list of approved root CAs are in a shared library called libnssckbi.so - try this cd /etc/dirsrv/slapd-yourinstance ln -s /usr/lib/libnssckbi.so > > > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090708/4cfdc028/attachment.bin
