Hello,

I'm attempting to configure 389 DS v1.2.9.14 on RHEL 6.2 to use TLS with a certificate issued by a CA. I was previously able to configure TLS support using a self-signed certificate on a test system using 389 DS 1.2.8.2, but I am not having any success with the CA-issued certificate.

Using the GUI is not an option, but I have used certutil to create the key/certificate databases, generate a CSR, and subsequently install the CA certificate and the signed SSL certificate. The server has been configured to use the certificate and the LDAPS listener has been enabled.

The server starts up without complaint and the error log shows that it is listening on both port 389 and 636. However, attempts to connect to the LDAPS port fail:

    ds1.imorgan % openssl s_client -connect localhost:636
    CONNECTED(00000003)
    140218505807688:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 113 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---
    ds1.imorgan %

Unfortunately, there do not appear to be any log messages which indicate the source of the problem. I've played with the trust flags for the certificate and have even tried re-importing it; all to no avail.

Any help would be appreciated.

Thanks

--
Iain Morgan