On 09/23/2011 03:04 PM, Orion Poplawski wrote:
> On 09/23/2011 02:58 PM, Rich Megginson wrote:
>> On 09/23/2011 02:53 PM, Orion Poplawski wrote:
>>> On 09/23/2011 01:44 PM, Rich Megginson wrote:
>>>> On 09/23/2011 01:24 PM, Orion Poplawski wrote:
>>>>> Does it matter that they aren't
>>>>> showing up with certutil?
>>>
>>>> Yes.
>>>
>>> That's what I thought so I used certutil as well. The console then showed
>>> those entries with the names I gave them with certutil.
>> So they are showing up in the console but not certutil? Any difference between
>> certutil -d /etc/dirsrv/slapd-hostname -L
>> and
>> certutil -d /etc/dirsrv/admin-serv -L
>> ? That is, perhaps they were added to the admin server but not the directory
>> server?
>
> Good catch - the ones I added through the console are in admin-serv.
> I definitely connected to the directory server though and not the
> admin server.

So if you add them to the directory server, do you still get the above SSL error?

>
>>>> Are these chained to a well-known root CA? If so, you can add those to the
>>>> directory server CA certs list:
>>>> http://directory.fedoraproject.org/wiki/Howto:SSL#Viewing_the_list_of_built-in_CA_certs
>>>
>>> The top in the bundle is www.valicert.com, for which I haven't had trouble
>>> with for browsers and the like. I'm not having any luck with linking in the
>>> library and seeing the root CAs.
>> so if you link the library, and then do
>> certutil -d /etc/dirsrv/slapd-hostname -L
>> you don't see any of those CA certs?
>
> Correct. Not with certutil or in 389-console

ls -al /etc/dirsrv/slapd-hostname
ls -alL /etc/dirsrv/slapd-hostname

>
>> Try stopping the directory server before using certutil.
>
> No help.
>

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users