> certutil -d . -V -n Server-Cert -u V
> certutil: certificate is valid
>
>
> Restarting nsslapd I see:
>
> [19/Sep/2014:10:04:47 +091800] - SSL failure: None of the cipher are valid
> [19/Sep/2014:10:04:47 +091800] - ERROR: SSL Initialization phase 2 Failed.
>
>
> With NO OTHER errors. Higher log levels have not helped.
>
> Here are the relevant parts of dse.ldif for my configuration.
>
> cn=config:
> nsslapd-security: on
> nsslapd-ssl-check-hostname: off
> nsslapd-validate-cert: warn
>
> dn: cn=encryption,cn=config
> nsSSLSessionTimeout: 0
> nsSSLClientAuth: allowed
> nsSSL2: off
> nsSSL3: on
> creatorsName: cn=server,cn=plugins,cn=config
> modifiersName: cn=directory manager
>
>

I created an instance side-by-side with this, and enabled SSL from the admin console. A few things. First:

dn: cn=encryption,cn=config
nsKeyfile: key3.db
nsCertfile: cert8.db
numSubordinates: 1

Was added extra (I renamed the key and cert8 paths though for the record.)

Additionally:

cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert

Seems to be how you identify the server cert on the cli.

This seems to have at least gotten me to having working SSL. Again, I'm reusing the same valid certs as I generated in my example.

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
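
An added example (not part of the original post, and not 389 Directory Server code): a small checker that reads dse.ldif text and reports which of the settings named in the message above are absent. The function names are hypothetical, both LDIF samples are constructed from the excerpts in the post, and the required list covers only what the post reports, not everything the server may need.

```python
import re

# Constructed sample mirroring the original (failing) configuration in the post.
BROKEN_LDIF = """\
dn: cn=config
nsslapd-security: on

dn: cn=encryption,cn=config
nsSSLClientAuth: allowed
nsSSL2: off
nsSSL3: on
"""

# Constructed sample with the attributes the post says the admin console added.
FIXED_LDIF = BROKEN_LDIF + """\
nsKeyfile: key3.db
nsCertfile: cert8.db

dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}; unfolds continuation lines."""
    text = re.sub(r"\n ", "", text)  # LDIF folds long lines as newline + one space
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs.pop("dn")[0].lower()] = attrs
    return entries

def missing_ssl_settings(text):
    """List the entries/attributes named in the post that are absent from dse.ldif text."""
    entries = parse_ldif(text)
    required = {  # taken from the post only; an assumption, not a complete list
        "cn=encryption,cn=config": ["nskeyfile", "nscertfile"],
        "cn=rsa,cn=encryption,cn=config": ["nssslpersonalityssl"],
    }
    missing = []
    for dn, attrs in required.items():
        entry = entries.get(dn)
        missing += [dn] if entry is None else [f"{dn}: {a}" for a in attrs if a not in entry]
    return missing
```

Running `missing_ssl_settings` over a copy of dse.ldif before restarting nsslapd points at the absent entry directly, which the "None of the cipher are valid" log line does not.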