Hi,

It had been working before; recently I saw 2 errors on this server (rh6.6, 389-ds-1.2.2-1).

1) Login to the Console GUI is not showing the 389 LDAP server; after entering the password, there is just a folder, without any sign of "+".
2) My certificate failed. I tried to restore the *db and my cacert.asc files from last year, which didn't help.

What can it be? Did someone update openssl or change 389-setup? ..... The certificate can't just suddenly stop working (it is still valid for months).

[root@mars slapd-NNIT]# ldapmodify -x -ZZ -h mars -D "cn=directory manager" -f /tmp/ldap.ldf -W
ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

cat /tmp/ldap.ldf
dn: cn=Test,cn=tek,ou=Infr,dc=redh
replace: passwordExpirationTime
passwordExpirationTime: 19700101000000Z

[root@mars slapd-redh]# certutil -L -d .

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CTu,u,u
Consumer-Cert                                                u,u,u
Server-Cert                                                  u,u,u
[root@mars slapd-redh]#

[root@mars dirsrv]# echo | openssl s_client -showcerts -connect redh.site:636
CONNECTED(00000003)
depth=1 CN = CAcert
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/CN=redh.site
   i:/CN=CAcert
 1 s:/CN=CAcert
   i:/CN=CAcert
---
Server certificate
subject=/CN=redh.site
issuer=/CN=CAcert
---
Acceptable client certificate CA names
/CN=CAcert
---
SSL handshake has read 1049 bytes and written 449 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256
    Session-ID: 51B603F936EDBCEA7D2885A81F3AD9115A6EE8BF0BED22FA9AF6F56849617748
    Session-ID-ctx:
    Master-Key: AF2B5A91C669F764C5995E326BAEAD6452CC9A989BD9BE16B110D5F7AE1E1A822DB026913BB3219112EBE6E882AC6FF7
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1490455678
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
DONE
[root@mars dirsrv]#

Please help.

br
van12
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx