----- On 14 Dec, 2015, at 17:16, Mark Reynolds mareynol@xxxxxxxxxx wrote:

> On 12/14/2015 10:55 AM, Phil Daws wrote:
>> ----- On 14 Dec, 2015, at 15:38, Mark Reynolds mareynol@xxxxxxxxxx wrote:
>>
>>> On 12/14/2015 10:23 AM, Phil Daws wrote:
>>>> Hello,
>>>>
>>>> Am trying to enable SSL on my 389 lab instance but having real issues.
>>>>
>>>> I imported the CA certificate chain, created a CSR, signed and installed the
>>>> certificate. Then went into Directory Server -> Configuration and enabled SSL.
>>>> Restarted the directory server but now get this error in the log:
>>>>
>>>> [12/Dec/2015:11:51:02 +0000] - SSL alert: Security Initialization: Unable to
>>>> authenticate (Netscape Portable Runtime error -8177 - The security password
>>>> entered is incorrect.)
>>>> [12/Dec/2015:11:51:02 +0000] - ERROR: SSL Initialization Failed. Disabling SSL.
>>>>
>>>>
>>>> When I issue systemctl restart dirsrv@lab389 it does not prompt for a password,
>>>> and if I create a pin.txt that does not work.
>>> Are you sure the password is correct? Can the DS user read the pin
>>> file? Where did you put the pin file? What is the content of the pin
>>> file (excluding password)?
>>>
>>> My pin file looks like:
>>>
>> Yep, I tried with a pin.txt file and still the same.
> Where did you place the pin.txt file? What does your pin file look
> like? What are the permissions/ownership of pin.txt and DS user?

Without a pin.txt should the system not prompt for the password? Though for
reference I placed it under /etc/dirsrv/slapd-{instance}/pin.txt with 0640 perms.

>> What is more bizarre is that once I have imported the cert and CA chain, then
>> enable SSL via the console, if I go back to Manage Certificates it throws an
>> error that it cannot open file (null) ?!?
> Run the console using "-D 9" it might give more info
>>
>>> Internal (Software) Token:<PASSWORD>
>>>> Yet if I use certutil that all looks good:
>>>>
>>>> [root@ads01 slapd-lab389]# certutil -d /etc/dirsrv/slapd-lab389/ -K
>>>> certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and
>>>> Certificate Services"
>>>> Enter Password or Pin for "NSS Certificate DB":
>>>> < 0> rsa 725d885b5d0a1ce92babc48d230108e46dd44866 server-cert
>>>>
>>>> Version:
>>>>
>>>> [root@lab389 slapd-lab389]# rpm -qa | grep 389
>>>> 389-ds-base-1.3.3.1-23.el7_1.x86_64
>>>> 389-admin-1.1.38-1.el7.x86_64
>>>> 389-ds-base-libs-1.3.3.1-23.el7_1.x86_64
>>>> 389-adminutil-1.1.21-2.el7.x86_64
>>>>
>>>> Any ideas please? Thanks. Phil
>>>>
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users@%(host_name)s
>>>> http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
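
The pin-file questions asked in the thread (content format, permissions, readability by the DS user) can be checked mechanically. The following is an added shell example, not part of the original messages or of 389 DS itself; the function name `check_pin_file` and the account name passed as `DS_USER` (for example `dirsrv`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: static checks on a 389 DS pin file.
TOKEN='Internal (Software) Token'   # token name as quoted in the thread

# check_pin_file PINFILE DS_USER  (DS_USER, e.g. "dirsrv", is an assumption)
# Prints one line per problem found; returns 0 only when there is none.
check_pin_file() {
    pin=$1; user=$2; bad=0
    [ -f "$pin" ] || { echo "missing: $pin"; return 1; }

    # Format: first line is "<token name>:<password>".
    IFS= read -r line < "$pin" || :
    case $line in
        "$TOKEN:"?*) ;;
        *) echo "format: first line must start with '$TOKEN:'"; bad=1 ;;
    esac
    # A CR (Windows line ending) or trailing blank is invisible in most
    # editors; flag it so the line can be retyped cleanly.
    cr=$(printf '\r'); tab=$(printf '\t')
    case $line in
        *"$cr"|*" "|*"$tab") echo "format: trailing whitespace or CR"; bad=1 ;;
    esac

    # Mode, owner and group from ls (-L follows a symlinked pin file).
    set -- $(ls -ldL "$pin")
    mode=$1; owner=$3; group=$4
    case $mode in
        ???????---*) ;;
        *) echo "perms: accessible to other users ($mode)"; bad=1 ;;
    esac

    # Can DS_USER read it? Primary group only; ACLs are not considered.
    ugroup=$(id -gn "$user" 2>/dev/null) ||
        { echo "user: unknown account $user"; return 1; }
    if [ "$owner" = "$user" ]; then want='?r*'
    elif [ "$group" = "$ugroup" ]; then want='????r*'
    else want='???????r*'
    fi
    case $mode in
        $want) ;;
        *) echo "access: $user cannot read $pin ($mode $owner:$group)"; bad=1 ;;
    esac
    return $bad
}
```

This checks only the file itself; whether the password in it matches the NSS database is what the `certutil -K` prompt shown in the thread tests.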