----- On 14 Dec, 2015, at 15:38, Mark Reynolds mareynol@xxxxxxxxxx wrote:

> On 12/14/2015 10:23 AM, Phil Daws wrote:
>> Hello,
>>
>> Am trying to enable SSL on my 389 lab instance but having real issues.
>>
>> I imported the CA certificate chain, created a CSR, signed and installed the
>> certificate. Then went into Directory Server -> Configuration and enabled SSL.
>> Restarted the directory server but now get this error in the log:
>>
>> [12/Dec/2015:11:51:02 +0000] - SSL alert: Security Initialization: Unable to
>> authenticate (Netscape Portable Runtime error -8177 - The security password
>> entered is incorrect.)
>> [12/Dec/2015:11:51:02 +0000] - ERROR: SSL Initialization Failed. Disabling SSL.
>>
>>
>> When I issue systemctl restart dirsrv@lab389 it does not prompt for a password,
>> and if I create a pin.txt that does not work.
> Are you sure the password is correct? Can the DS user read the pin
> file? Where did you put the pin file? What is the content of the pin
> file (excluding password)?
>
> My pin file looks like:
>

Yep, I tried with a pin.txt file and still the same. What is more bizarre is that once I have imported the cert and CA chain, then enable SSL via the console, if I go back to Manage Certificates it throws an error that it cannot open file (null) ?!?

> Internal (Software) Token:<PASSWORD>

>> Yet if I use certutil that all looks good:
>>
>> [root@ads01 slapd-lab389]# certutil -d /etc/dirsrv/slapd-lab389/ -K
>> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and
>> Certificate Services"
>> Enter Password or Pin for "NSS Certificate DB":
>> < 0> rsa 725d885b5d0a1ce92babc48d230108e46dd44866 server-cert
>>
>> Version:
>>
>> [root@lab389 slapd-lab389]# rpm -qa | grep 389
>> 389-ds-base-1.3.3.1-23.el7_1.x86_64
>> 389-admin-1.1.38-1.el7.x86_64
>> 389-ds-base-libs-1.3.3.1-23.el7_1.x86_64
>> 389-adminutil-1.1.21-2.el7.x86_64
>>
>> Any ideas please ? Thanks.
>> Phil
>>
>> --
>> 389 users mailing list
>> 389-users@%(host_name)s
>> http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
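
A scripted version of the pin file questions raised in the thread (content, permissions, and whether the password actually opens the key database), as an added example that is not part of the original messages. The function names, the pin.txt location in the usage comment and the strict whitespace/CRLF checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
TOKEN_PREFIX='Internal (Software) Token:'   # prefix quoted in the thread

# check_pin_file FILE: print findings, return 0 if the file looks usable.
check_pin_file() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "FAIL: $f not found"; return 1; }
    # The pin file holds the NSS DB password in clear text: owner-only access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: group/other bits set ($perms)"; rc=1; }
    IFS= read -r line < "$f" || [ -n "$line" ] || { echo "FAIL: empty file"; return 1; }
    case $line in
        "$TOKEN_PREFIX"*) pin=${line#"$TOKEN_PREFIX"} ;;
        *) echo "FAIL: first line does not start with '$TOKEN_PREFIX'"; return 1 ;;
    esac
    cr=$(printf '\r')
    # Assumption of this example: stray whitespace or a CR is treated as an
    # error, since it may end up being compared as part of the password.
    case $pin in
        '')        echo "FAIL: nothing after the colon"; rc=1 ;;
        *"$cr")    echo "FAIL: CRLF line ending"; rc=1 ;;
        ' '*|*' ') echo "FAIL: space before or after the password"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $f"; fi
    return "$rc"
}

# verify_pin FILE DBDIR: return 0 if certutil accepts the password from FILE
# for the key database in DBDIR (2 if certutil is not installed).
verify_pin() {
    command -v certutil >/dev/null || { echo "SKIP: certutil not installed"; return 2; }
    IFS= read -r line < "$1" || :
    tmp=$(umask 077; mktemp) || return 1
    printf '%s\n' "${line#"$TOKEN_PREFIX"}" > "$tmp"
    # -f reads the password from a file instead of prompting.
    certutil -K -d "$2" -f "$tmp" >/dev/null 2>&1 && vrc=0 || vrc=$?
    rm -f "$tmp"
    return "$vrc"
}

# Usage, run as the account the directory server runs under (path assumed):
#   check_pin_file /etc/dirsrv/slapd-lab389/pin.txt
#   verify_pin /etc/dirsrv/slapd-lab389/pin.txt /etc/dirsrv/slapd-lab389/
```

Running both as the directory server's own account also answers whether that user can read the file; a failing `verify_pin` corresponds to the -8177 "password entered is incorrect" error in the log.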