Re: Error enabling SSL

On 12/14/2015 10:55 AM, Phil Daws wrote:
----- On 14 Dec, 2015, at 15:38, Mark Reynolds mareynol@xxxxxxxxxx wrote:

On 12/14/2015 10:23 AM, Phil Daws wrote:
Hello,

Am trying to enable SSL on my 389 lab instance but having real issues.

I imported the CA certificate chain, created a CSR, signed and installed the
certificate. Then went into Directory Server -> Configuration and enabled SSL.
Restarted the directory server but now get this error in the log:

[12/Dec/2015:11:51:02 +0000] - SSL alert: Security Initialization: Unable to
authenticate (Netscape Portable Runtime error -8177 - The security password
entered is incorrect.)
[12/Dec/2015:11:51:02 +0000] - ERROR: SSL Initialization Failed. Disabling SSL.


When I issue systemctl restart dirsrv@lab389 it does not prompt for a password,
and if I create a pin.txt that does not work.
Are you sure the password is correct?  Can the DS user read the pin
file?  Where did you put the pin file?  What is the content of the pin
file (excluding password)?

My pin file looks like:

Yep, I tried with a pin.txt file and still the same.
Where did you place the pin.txt file? What does your pin file look like? What are the permissions/ownership of pin.txt and DS user?
What is more bizarre is that once I have imported the cert and CA chain, then enable SSL via the console, if I go back to Manage Certificates it throws an error that it cannot open file (null) ?!?
Run the console using "-D 9"; it might give more info.

Internal (Software) Token:<PASSWORD>
Yet if I use certutil that all looks good:

[root@ads01 slapd-lab389]# certutil -d /etc/dirsrv/slapd-lab389/ -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and
Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa 725d885b5d0a1ce92babc48d230108e46dd44866 server-cert

Version:

[root@lab389 slapd-lab389]# rpm -qa | grep 389
389-ds-base-1.3.3.1-23.el7_1.x86_64
389-admin-1.1.38-1.el7.x86_64
389-ds-base-libs-1.3.3.1-23.el7_1.x86_64
389-adminutil-1.1.21-2.el7.x86_64

Any ideas please ? Thanks. Phil


--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
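
The questions asked in the reply above (where the pin file is, who owns it, what its permissions are, and whether its content has the "Internal (Software) Token:<PASSWORD>" form) can be checked in one pass. The script below is an added example, not part of the original thread or of 389 Directory Server; check_pin_file is a hypothetical helper, and the owner name "dirsrv" in the usage comment is an assumption about the account the instance runs as.

```shell
#!/bin/sh
# Added example (not from the thread). check_pin_file is a hypothetical helper.
# Usage (as root): check_pin_file /etc/dirsrv/slapd-lab389/pin.txt dirsrv
#   "dirsrv" is an assumed service account; substitute the instance's own user.
# Returns 0 only if every check passes. Requires GNU stat. Never prints the password.
check_pin_file() {
    pin=$1; owner=$2; rc=0
    prefix='Internal (Software) Token:'   # token name as shown in the thread

    if [ ! -f "$pin" ]; then
        echo "FAIL: $pin does not exist"; return 1
    fi
    # The server reads the file as its own user, so that user must own it.
    actual=$(stat -c %U "$pin")
    if [ "$actual" != "$owner" ]; then
        echo "FAIL: owner is $actual, expected $owner"; rc=1
    fi
    # The file holds the key database password in clear text.
    mode=$(stat -c %a "$pin")
    case $mode in
        ?00) ;;
        *) echo "FAIL: mode $mode grants group/other access"; rc=1 ;;
    esac
    # Format: token name, colon, password, with no padding on either side.
    # grep uses basic regex here, so the parentheses in the prefix are literal.
    if ! grep -q "^${prefix}" "$pin"; then
        echo "FAIL: no line starting with '${prefix}'"; return 1
    fi
    if grep -q "^${prefix}\$" "$pin"; then
        echo "FAIL: password is empty"; rc=1
    fi
    if grep -q "^${prefix}[[:space:]]" "$pin"; then
        echo "FAIL: whitespace between the colon and the password"; rc=1
    fi
    if grep -q "^${prefix}.*[[:space:]]\$" "$pin"; then
        echo "FAIL: trailing whitespace or CR after the password"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $pin looks usable"
    return "$rc"
}
```

A clean result only shows that the file is readable and well formed; whether the password in it matches the key database is still what the certutil -K prompt shown earlier in the thread confirms.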
