Re: [389-users] SSL Error on Startup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Is the SSL certificate self signed or is it issued by a valid Root?

 

·         May help to see the  content of the certificate to see what extensions and key usage of the certificate your attempting to use.

 

David M. Partridge

 

From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx]
Sent: Tuesday, September 20, 2011 10:06 AM
To: Chris Ober; 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [389-users] SSL Error on Startup

 

On 09/20/2011 07:45 AM, Chris Ober wrote:

Rich,

I've read that, and I believe I've followed the steps shown there, but it doesn't solve my problem.

let's start with perms/ownership
ls -al /etc/dirsrv/slapd-instance
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif

see what the server cert name is
grep -i personality /etc/dirsrv/slapd-instance/dse.ldif

next, look at certutil
certutil -d /etc/dirsrv/slapd-instance -L
certutil -d /etc/dirsrv/slapd-instance -L -n "name of CA cert"
certutil -d /etc/dirsrv/slapd-instance -L -n "name of server cert"



~Chris

On 9/19/11 2:47 PM, Rich Megginson wrote:

On 09/19/2011 12:26 PM, Chris M. Ober wrote:

Hello all,

I've installed 389 to replace an ancient server that is on its last legs. I got everything configured and working, until just now. I generated and signed ssl keys to use ldaps, and it seemed to accept everything. It told me to restart the service, which it wouldn't allow me to do from the console. From the command line `service dirsrv restart` gave me an error I can't figure out. The error is:

<?ae=PreFormAction&a=Forward&t=IPM.Note&id=RgAAAAAddcPi7ODVRL%2bRKLFJpZ86BwCjUgqOSZifQqfpcvM7EMjGAAAAkkLWAACjUgqOSZifQqfpcvM7EMjGAAAO0Wg%2fAAAJ&pspid=_1316456764395_268663948#>
[root@ceto2 ~]# service dirsrv start
Starting dirsrv:
    ceto2...[19/Sep/2011:14:07:19 -0400] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[19/Sep/2011:14:07:19 -0400] - ERROR: SSL Initialization Failed.
                                                           [FAILED]
  *** Warning: 1 instance(s) failed to start


I haven't been able to find anything on google to help me solve this. Any idea what is going wrong?

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#SecureConnections



Thank you,
Chris


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

 

 

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux