Re: [389-users] Odd SSL Issues

Hi,

Thanks for the advice! Although I don't yet understand what was wrong with the console client, those tests proved that the database was in fact empty. I then installed the certs via certutil and the server started up first time :)

cya

Craig

On Tue, Oct 04, 2011 at 10:54:15AM -0600, Rich Megginson wrote:
> On 10/04/2011 01:17 AM, Craig T wrote:
> >Hi,
> >
> >Setup:
> >Fedora 15 x64
> >* 389-admin-1.1.23-1.fc15.x86_64
> >* 389-admin-console-1.1.8-1.fc15.noarch
> >* 389-admin-console-doc-1.1.8-1.fc15.noarch
> >* 389-adminutil-1.1.14-1.fc15.x86_64
> >* 389-console-1.1.7-1.fc15.noarch
> >* 389-ds-1.2.2-1.fc15.noarch
> >* 389-ds-base-1.2.9.10-2.fc15.x86_64
> >* 389-ds-base-libs-1.2.9.10-2.fc15.x86_64
> >* 389-ds-console-1.2.6-1.fc15.noarch
> >* 389-ds-console-doc-1.2.6-1.fc15.noarch
> >* 389-dsgw-1.1.7-2.fc15.x86_64
> >
> >Disclaimer:
> >I'm pretty new to 389 Directory Server so this might be a simple question.
> >
> >Goal:
> >I am attempting to install a CA & server certificate, which I have signed by my own openssl CA.
> >
> >My Steps:
> >After using the 389 Console to generate my certificate request, I was then able to sign it with my openssl CA and install the cert (plus CA cert) into the 389 Directory Server without issue. I then chose the;
> >- "Enable SSL for this server" option and selected the security device and server cert "server-crt2".
> >- I checked the CA cert and it showed that there were no broken links in the certification paths.
> >
> >Issue:
> >After restarting Directory Server, I was surprised to see the following error;
> >-----------------------------------------------------------------------------------------
> >[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Can't find certificate (server-cert2) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> >[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert2 of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> >[04/Oct/2011:17:39:09 +1100] - SSL failure: None of the cipher are valid
> >[04/Oct/2011:17:39:09 +1100] - ERROR: SSL Initialization phase 2 Failed.
> >-----------------------------------------------------------------------------------------
> >
> >
> >I feel like I must be missing something pretty obvious, any suggestions?
>
> ls -al /etc/dirsrv/slapd-yourinstance
> certutil -d /etc/dirsrv/slapd-yourinstance -L
> 
> if it doesn't show a cert named "server-cert2" then it is possible
> that the console did not properly install the SSL cert
> >cya
> >
> >Craig
> >--
> >389 users mailing list
> >389-users@xxxxxxxxxxxxxxxxxxxxxxx
> >https://admin.fedoraproject.org/mailman/listinfo/389-users
> 
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
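
The check suggested in the reply above, as an added example that is not part of the original thread: it reads a `certutil -L` listing and reports whether the configured nickname is present by exact match and whether its trust flags include `u`, which certutil shows when the database also holds the private key. The function names and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check a `certutil -L` listing for the
# nickname the server is configured to use. Real use, with the instance path
# from the reply above:
#   certutil -d /etc/dirsrv/slapd-yourinstance -L | check_nickname server-cert2

# Print the trust flags of the certificate whose nickname matches $1 exactly.
nss_trust_flags() {
    awk -v nick="$1" '
        NF >= 2 {
            flags = $NF                              # trust flags are the last column
            if (flags !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) next   # header line
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)    # strip the flags column
            if (name == nick) { print flags; exit }
        }'
}

# Return 0 = certificate and private key present, 1 = nickname not in the
# database, 2 = certificate present but no private key (no "u" flag).
check_nickname() {
    _flags=$(nss_trust_flags "$1")
    if [ -z "$_flags" ]; then
        echo "MISSING: no certificate named '$1'"; return 1
    fi
    case "$_flags" in
        *u*) echo "OK: '$1' has a private key ($_flags)"; return 0 ;;
        *)   echo "NO-KEY: '$1' has no private key ($_flags)"; return 2 ;;
    esac
}

# Constructed sample listings (not output from the poster's system).
SAMPLE_EMPTY='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
'
SAMPLE_LISTING="$SAMPLE_EMPTY
CA certificate                                               CT,,
server-cert2                                                 u,u,u
imported-no-key                                              ,,
"

printf '%s\n' "$SAMPLE_EMPTY"   | check_nickname server-cert2 || true
printf '%s\n' "$SAMPLE_LISTING" | check_nickname server-cert2 || true
```

The first call models an empty database and reports MISSING; the second reports OK.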

