I have a new 389 installation running on Centos 8. I'm trying to follow the https://directory.fedoraproject.org/docs/389ds/howto/howto-install-389.html and https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html instructions. However, once I enable TLS, my instance no longer starts up and I get the following error:
[26/Apr/2020:17:09:55.928293129 +0000] - ERR - attrcrypt_fetch_private_key - Can't find certificate server-cert: -5950 - File not found.
[26/Apr/2020:17:09:55.928654096 +0000] - ERR - attrcrypt_fetch_private_key - Can't get private key from cert server-cert: -5950 - File not found.
This is the ldif I'm using to configure TLS:
dn: cn=ECDSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: ECDSA
nsSSLPersonalitySSL: ldap2.mydomain.com
nsSSLActivation: on
nsSSLToken: Internal (Software)
and
dn: cn=encryption,cn=config
changetype: modify
add: sslVersionMin
sslVersionMin: TLS1.2
I also deleted the cn=RSA object as these are ECDSA certificates. Note that yes, I did change the name of the cert. So I have no idea why it is looking for server-cert.
Two questions. Once I turn on TLS,by setting nsslapd-security, the instance no longer starts. Is there a way to revert the latest configuration change so that I can get the instance started and fix it? So far I've been having to recreate the instance completely.
Second, what did I break? How do I get TLS working on my instance?
Thanks
Scott
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
