Hello all: Have tried to get my lab set up with 389 and secure connections multiple times now with disasterous results; and yes have tried to follow http://www.port389.org/docs/389ds/howto/howto-ssl.html Here is a very brief walkthrough of what I did: * from my PKI created four certificates - node1 admin and node2 directory + node2 admin and node2 directory certificates * on both node1 and node2 installed the following packages: [root@ads01 ~]# rpm -qa | grep 389 389-adminutil-1.1.22-1.el7.x86_64 389-ds-base-1.3.4.0-21.el7_2.x86_64 389-admin-console-1.1.10-1.el7.noarch 389-console-1.1.9-1.el7.noarch 389-ds-base-libs-1.3.4.0-21.el7_2.x86_64 389-admin-1.1.42-1.el7.x86_64 389-ds-console-1.2.12-1.el7.noarch * on node1 ran setup-ds-admin.pl and configured the initial directory server * on node1 configured the admin to use TLS + the directory server so that it bound to 636 * on node2 ran setup-ds-admin.pl and joined the directory server on node1 * on node2 configured the admin to use TLS * on node2 launch 389-console using https and then try to connect too the directory server on node2 and it just hangs and fails with an SSL error over and over: [Fri Jan 15 17:22:14.391824 2016] [:crit] [pid 705:tid 140640199088192] sslinit: NSS is required to use LDAPS, but security initialization failed [-8015:The certificate/key database is in an old, unsupported format or failed to open.]. How does one perform an install, with two nodes, that each has an administration instance plus a directory server running TLS on 636 ?? Have not even been able to attempt multi-master replication yet :( All help appreciated. Thanks, Phil -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@xxxxxxxxxxxxxxxxxxxxxxx
