On 12/14/2015 10:23 AM, Phil Daws wrote:
Hello,
Am trying to enable SSL on my 389 lab instance but having real issues.
I imported the CA certificate chain, created a CSR, signed and installed the certificate. Then went into Directory Server -> Configuration and enabled SSL. Restarted the directory server but now get this error in the log:
[12/Dec/2015:11:51:02 +0000] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8177 - The security password entered is incorrect.)
[12/Dec/2015:11:51:02 +0000] - ERROR: SSL Initialization Failed. Disabling SSL.
When I issue systemctl restart dirsrv@lab389 it does not prompt for a password, and if I create a pin.txt that does not work.
Are you sure the password is correct? Can the DS user read the pin
file? Where did you put the pin file? What is the content of the pin
file(excluding password)?
My pin file looks like:
Internal (Software) Token:<PASSWORD>
Yet if I use certutil that all looks good:
[root@ads01 slapd-lab389]# certutil -d /etc/dirsrv/slapd-lab389/ -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa 725d885b5d0a1ce92babc48d230108e46dd44866 server-cert
Version:
[root@lab389 slapd-lab389]# rpm -qa | grep 389
389-ds-base-1.3.3.1-23.el7_1.x86_64
389-admin-1.1.38-1.el7.x86_64
389-ds-base-libs-1.3.3.1-23.el7_1.x86_64
389-adminutil-1.1.21-2.el7.x86_64
Any ideas please ? Thanks. Phil
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
