Hi,

I am trying to implement two 389-ds instances with SSL replication. Replication is working without SSL. When I try to configure SSL-enabled 389-ds, I am getting the error:

"[13/Jul/2011:17:38:37 +051800] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)
[13/Jul/2011:17:38:37 +051800] - SSL failure: None of the cipher are valid"

I did the following as per my environment:

1. My system name is varad.india.xxx.com. We have a certificate for star.india.xxx.com and .pem files, which are used commonly for Apache and other related services, so I am planning to import that certificate into my fedora-ds system.

A). openssl pkcs12 -export -inkey star_dot_india_xxx_key.pem -in star_dot_india_xxx_cert.crt -out crt.p12 -nodes -name 'Server-Cert'
    ==> command went fine

B). pk12util -i <location>/crt.p12 -d .
    ==> command went fine

C). As per the fedora doc, they specified "certutil -d /etc/dirsrv/slapd-INSTANCE -A -n "My Local CA" -t CT,, -a -i /path/to/ca.pem", so I tried this option as:

    root@varad:/home/sslforldap# certutil -d /etc/dirsrv/slapd-varad -A -n "Server-Cert" -t u,u,u -a -i star_dot_india_xxx_cert.crt
    ==> got an error: certutil: function failed: security library: bad database.

    and then tried as:

    # certutil -d /etc/dirsrv/slapd-varad -A -n "Server-Cert" -t u,u,u -a -i star_dot_india_xxx_cert.crt
    ==> went fine

D). Added the relevant details in the dse.ldif and restarted the dirsrv, but I got the above error.

E). For your information:

    root@varad:/home/sslforldap# certutil -L -d .

    Certificate Nickname                     Trust Attributes
                                             SSL,S/MIME,JAR/XPI

    XXX XXX CA                               u,u,u

How can I proceed further?
Regards,
Varad
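As an added example (not from this thread or the 389-ds project), a small POSIX sh checker that reads a certutil -L listing and reports whether the instance's NSS database holds both a Server-Cert entry and a CA entry trusted as an issuer, the "C" flag that the doc's "-t CT,," import sets; NSS error -8179 is SEC_ERROR_UNKNOWN_ISSUER, raised when the CA that signed Server-Cert is not present with that trust. The two sample listings, the function names and the status strings are constructed for this example.

```shell
# Reads `certutil -L -d <nssdb>` output and tells whether the database holds
# what an SSL-enabled 389-ds instance needs for cn=RSA,cn=encryption:
#   - an entry nicknamed Server-Cert (the server's own cert and key, "u" flag)
#   - at least one CA entry with "C" in the SSL trust column, i.e. a CA the
#     server accepts as an issuer (what the doc's "-t CT,," import produces).
# A "u" flag only records that a private key is present; it does not make an
# entry a trusted issuer, which is what NSS -8179 (unknown issuer) is about.

# Constructed sample matching the listing quoted in the post.
LISTING_FROM_POST='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

XXX XXX CA                                                   u,u,u
'

# Constructed sample of the database after importing the CA with -t CT,, and
# the server cert plus key from the PKCS#12 file.
LISTING_EXPECTED='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

XXX XXX CA                                                   CT,,
Server-Cert                                                  u,u,u
'

# Print "<nickname><TAB><ssl-flags>" per certificate, skipping header and blank
# lines. Nicknames may contain spaces, so the trust field is peeled off the end.
parse_certutil_listing() {
    printf '%s\n' "$1" | awk '
        NF < 2 || $NF == "Attributes" { next }
        { trust = $NF; nick = substr($0, 1, length($0) - length(trust))
          sub(/ +$/, "", nick); split(trust, t, ",")
          printf "%s\t%s\n", nick, t[1] }'
}

# Prints ok, no-server-cert or no-trusted-ca; exit status is 0 only for ok.
check_nssdb_listing() {
    have_server=0; have_ca=0
    while IFS="$(printf '\t')" read -r nick ssl; do
        [ "$nick" = "Server-Cert" ] && have_server=1
        case $ssl in *C*) have_ca=1 ;; esac
    done <<EOF
$(parse_certutil_listing "$1")
EOF
    [ "$have_server" -eq 1 ] || { echo no-server-cert; return 1; }
    [ "$have_ca" -eq 1 ] || { echo no-trusted-ca; return 1; }
    echo ok
}
```

Against a live instance, point -d at the directory the server actually reads rather than the current directory: check_nssdb_listing "$(certutil -L -d /etc/dirsrv/slapd-INSTANCE)".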