On July 8, 2009 06:19:55 pm Dumbo Q wrote: > I just installed a new ssl certificate using pk12util. I restarted my > dirsrv, and picked the new cert in the dropdown menu under the encryption > tab. I restarted dirsrv to make it take affect. When I did this, I found > that the root certificate was not in redhats/openssls ca-bundle. I tried > importing the intermediate certificate, and I think I just made the problem > worse. > > right now im getting the following. > SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert > rhds.example.com - Comodo CA Limited of family > cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - > Peer's Certificate issuer is not recognized.) [08/Jul/2009:14:18:04 -0400] > - SSL failure: None of the cipher are valid > > > Now my directory is down completely. How can I get it to start up without > SSL so that I can fix the problem? Make sure you backup /etc/dirsrv/INSTANCE/dse.ldif then edit that file and look for nsslapd-security: on change to nsslapd-security: off save file, restart service and ssl should be turned off. Keep in mind whatever caused the ssl config to puke in the first place is still there :) Ryan
