Re: SSL

Replying to list.

On 04/17/2014 12:22 PM, Andy wrote:

I am having an issue with securing Directory Server communication using SSL which I need guidance on how to solve. I am setting up a master and slave which will use SSL to secure communication between the two servers and to all other clients.

I used openssl to create a CA cert and sign the Manager server certificate as follows:

- CA cert created by openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650

- Manager server csr signed - openssl ca -config openssl.cnf -policy policy_anything -out certs/xxx.crt -infiles xxx.csr

- Checked both certs using before installing on Manager

- Both certs were installed using root.

- Enabled encryption via the console and restarted dirsrv. Note comms remain on port 389 after the reboot. E.g. xxx.com:389

  o certutil -L -d . output shows that both a CA cert and server cert are installed as follows:

    server-cert                                                  u,u,u
    xxxx-ca.crt                                                  CT,,

- I checked that the server is listening on port 636. Logs also confirmed that the Manager is listening on port 636

- I tested that the Manager can receive connections on port 636, by connecting using telnet from another server – telnet <server name> 636. The connection was also visible in netstat output.

- I can’t see any errors in /var/log/dirsrv/slapd-<server>/errors

Can you help so that I can set up secure communication correctly?

Kind regards

Andy

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
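
Added example, not part of the original thread: a telnet connection to port 636 shows only that the TCP port is open, so the script below checks offline that a server certificate chains to the CA certificate and matches the host name clients connect to. The CA, the keys and the host name ldap.example.test are constructed test values, and check_cert and make_test_pki are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example. All names, keys and certificates here are throwaway test values.

# check_cert CA_FILE CERT_FILE HOSTNAME
# Succeeds only if CERT_FILE chains to CA_FILE and is valid for HOSTNAME.
check_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# make_test_pki DIR HOSTNAME
# Builds a constructed CA (ca.crt) and a server cert (server.crt) in DIR.
make_test_pki() {
    local d=$1 host=$2
    cat > "$d/test.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    echo "subjectAltName = DNS:$host" > "$d/san.ext"
    # Self-signed CA, same shape as the "req -new -x509 -extensions v3_ca" step.
    openssl req -config "$d/test.cnf" -new -x509 -extensions v3_ca -nodes \
        -newkey rsa:2048 -keyout "$d/ca.key" -out "$d/ca.crt" -days 1 2>/dev/null
    # Server key and CSR, then a certificate signed by the CA.
    openssl req -config "$d/test.cnf" -new -nodes -newkey rsa:2048 \
        -subj "/CN=$host" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/san.ext" -days 1 -out "$d/server.crt" 2>/dev/null
}

demo() {
    local d; d=$(mktemp -d)
    make_test_pki "$d" ldap.example.test || return 1
    check_cert "$d/ca.crt" "$d/server.crt" ldap.example.test && echo "chain and name OK"
    check_cert "$d/ca.crt" "$d/server.crt" other.example.test || echo "name mismatch rejected"
    rm -rf "$d"
}
demo
```

With real files, the call is check_cert followed by the CA certificate, the server certificate and the host name that clients use to reach the server.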
