On 09/23/2011 01:24 PM, Orion Poplawski wrote:
> I'm trying to set up MMR with another office site. We're trying to connect
> over SSL, but my server gives the error:
>
> [23/Sep/2011:12:00:56 -0600] slapi_ldap_bind - Error: could not send bind
> request for id [cn=Replication Manager,cn=config] mech [SIMPLE]: error 81
> (Can't contact LDAP server) -8179 (Peer's Certificate issuer is not
> recognized.) 11 (Resource temporarily unavailable)
>
> I've added what I believe are the proper CA certs (it is a chain of 3) for the
> remote server to my directory server via the 389-console and manage
> certificates.

Did it have 3 in a single file, or 3 different files?

> However, I noticed that when I use certutil on the server to
> list the certificates, I don't see them:
>
> # certutil -d /etc/dirsrv/slapd-cora/ -L
>
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
>
> CA certificate                                               CT,,
> server-cert                                                  u,u,u
>
> I would have thought they would be stored in the same place.

They should be.

> If not, where
> are the ones listed in the console stored?

Good question.

> Does it matter that they aren't
> showing up with certutil?

Yes. Are these chained to a well-known root CA? If so, you can add those to the directory server CA certs list:
http://directory.fedoraproject.org/wiki/Howto:SSL#Viewing_the_list_of_built-in_CA_certs

> Anything else I can do to debug the SSL connection?

It may just be that if there is more than one CA cert in the file, only the first or last is added.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
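
If a multi-certificate file really does lose all but one entry on import, as the reply above suspects, importing each CA from its own file and then listing the database settles the question. The script below is an added example, not part of the original thread: it splits a PEM bundle into one file per certificate and imports each with `certutil`. The function names, the `ca-N.pem` file names, the nickname scheme and the sample bundle are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.

# split_bundle BUNDLE OUTDIR
# Writes OUTDIR/ca-1.pem, ca-2.pem, ... (one certificate each), prints the count.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/ca-" n ".pem"; inside = 1 }
        inside                         { print > (out) }
        /^-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                            { print n + 0 }
    ' "$1"
}

# import_cas DBDIR OUTDIR PREFIX
# Imports each split file under its own nickname (PREFIX-ca-N, a hypothetical
# naming scheme), then lists the database so every entry can be checked.
import_cas() {
    for f in "$2"/ca-*.pem; do
        [ -f "$f" ] || continue
        # "CT,," mirrors the trust flags of the existing "CA certificate" entry.
        certutil -A -d "$1" -n "$3-$(basename "$f" .pem)" -t "CT,," -a -i "$f" || return 1
    done
    certutil -L -d "$1"
}

# sample_bundle: constructed three-entry bundle with placeholder bodies
# (not real certificates), only for exercising split_bundle offline.
sample_bundle() {
    for i in 1 2 3; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "PLACEHOLDER$i" '-----END CERTIFICATE-----'
    done
}

# Direct use: sh split-import.sh chain.pem /etc/dirsrv/slapd-cora remote-office
if [ "$#" -eq 3 ]; then
    tmp=$(mktemp -d) || exit 1
    count=$(split_bundle "$1" "$tmp") || exit 1
    echo "found $count certificate(s) in $1"
    import_cas "$2" "$tmp" "$3"
fi
```

For a chain of 3, the final `certutil -L` listing should show three new nicknames next to `CA certificate` and `server-cert`; a directory server restart may be needed before it uses them.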