Re: [389-users] Odd SSL Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/04/2011 01:17 AM, Craig T wrote:
> Hi,
>
> Setup:
> Fedora 15 x64
> * 389-admin-1.1.23-1.fc15.x86_64
> * 389-admin-console-1.1.8-1.fc15.noarch
> * 389-admin-console-doc-1.1.8-1.fc15.noarch
> * 389-adminutil-1.1.14-1.fc15.x86_64
> * 389-console-1.1.7-1.fc15.noarch
> * 389-ds-1.2.2-1.fc15.noarch
> * 389-ds-base-1.2.9.10-2.fc15.x86_64
> * 389-ds-base-libs-1.2.9.10-2.fc15.x86_64
> * 389-ds-console-1.2.6-1.fc15.noarch
> * 389-ds-console-doc-1.2.6-1.fc15.noarch
> * 389-dsgw-1.1.7-2.fc15.x86_64
>
> Disclaimer:
> I'm pretty new to 389 Directory Server so this might be a simple question.
>
> Goal:
> I am attempting to install a CA&  server certificate, which I have signed by my own openssl CA.
>
> My Steps:
> After using the 389 Console to generate my certificate request, I was then able to sign it with my openssl CA and install the cert (plus CA cert) into the 389 Directory Server without issue. I then choose the;
> - "Enable SSL for this server" option and selected the security device and server cert "server-crt2".
> - I checked the CA cert and it showed that there was no broken links in the certification paths.
>
> Issue:
> After restarting Directory Server, I was surprised to see the following error;
> -----------------------------------------------------------------------------------------
> [04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Can't find certificate (server-cert2) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> [04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert2 of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> [04/Oct/2011:17:39:09 +1100] - SSL failure: None of the cipher are valid
> [04/Oct/2011:17:39:09 +1100] - ERROR: SSL Initialization phase 2 Failed.
> -----------------------------------------------------------------------------------------
>
>
> I feel like I must be missing something pretty obvious, any suggestions?
ls -al /etc/dirsrv/slapd-yourinstance
certutil -d /etc/dirsrv/slapd-yourinstance -L

if it doesn't show a cert named "server-cert2" then it is possible that 
the console did not properly install the SSL cert
> cya
>
> Craig
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux