Re: Enabling SSL


 



Kevin Kovach wrote:

Well that did it.  I had actually tried that before.  Saw it in some
Sun forum somewhere or something.  However, when I tried it I got some
other error so I took it back out.  I suspect I had the nsKeyfile and
nsCertfile set incorrectly when I tried it the first time.

Thanks so much for the help.

- Kevin

On 8/3/05, Adam Stokes <astokes@xxxxxxxxxx> wrote:
Kevin Kovach wrote:

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSL2: off
nsSSL3: on
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=root
createTimestamp: 20050726153224Z
modifyTimestamp: 20050803144437Z
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des\
_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
nsKeyfile: alias/slapd-birdie-key3.db
nsCertfile: alias/slapd-birdie-cert8.db
numSubordinates: 1

In the following entry I wasn't sure if '(software)' was a comment or
if it was part of the attr value so I've tried it both ways.  Didn't
seem to change anything.

dn: cn=RSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLToken: internal (software)
nsSSLPersonalitySSL: Server-Cert
creatorsName: cn=root
modifiersName: cn=root
createTimestamp: 20050803144438Z
modifyTimestamp: 20050803144438Z


dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-mode: 600
nsslapd-accesslog-maxlogsize: 100
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-accesslog-logrotationsync-enabled: off
nsslapd-accesslog-logrotationsynchour: 0
nsslapd-accesslog-logrotationsyncmin: 0
nsslapd-accesslog: /opt/fedora-ds/slapd-birdie/logs/access
nsslapd-enquote-sup-oc: off
nsslapd-schemacheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-ssl-check-hostname: off

...

modifyTimestamp: 20050803144438Z
nsslapd-security: on


I think those were the three objects modified.  If you need more
please let me know.  Thanks.

- Kevin

On 8/3/05, Adam Stokes <astokes@xxxxxxxxxx> wrote:


On Wed, 3 Aug 2005 16:54:09 -0400
Kevin Kovach <kovach@xxxxxxxxx> wrote:



I double checked my key and cert files and they are of the correct
format.  Incidentally, those then correspond to the nsCertfile and
nsKeyfile attributes that are made in the config changes?  It's not
real clear in the wiki.  The wiki suggests that the nsKeyfile and
nsCertfile attrs include 'slapd-directory'.

I ask because I originally made the config changes by just copying and
pasting the ldif and I went back and changed them afterwards to be
'slapd-<instance name>'.


The above is correct, again modified the wiki to resemble the changes.


Regardless of that I'm still not able to get the directory to start
up.  I'm still seeing the same error in the log ...

[03/Aug/2005:16:21:44 -0400] - Fedora-Directory/7.1 B2005.201.2115 starting up
[03/Aug/2005:16:21:44 -0400] - SSL failure: None of the cipher are valid

I'm going to continue playing with it and research it online, but any
further advice or suggestions would be appreciated.  Thanks.

- Kevin


Could you post your changes as it shows in
/opt/fedora-ds/slapd-<instance>/config/dse.ldif?

--
....<(^_^)> adam stokes ....





In the dn: cn=RSA,cn=encryption,cn=config add the following line

nsSSLActivation: on

Sorry for the confusion. Let me know if this works and I'll modify the
wiki accordingly.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users



Good to hear, will update the wiki to reflect the change.
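
An added example, not part of the original messages and not Fedora Directory Server code: a pre-start check over dse.ldif for the settings this thread turned on (nsslapd-security, nsKeyfile/nsCertfile, and the nsSSLActivation: on line whose absence produced the cipher error). The function names and the sample LDIF are constructed for illustration, and the weak-cipher pattern (null, export, 40-bit) goes beyond what the thread discusses.

```python
import re

# Constructed sample modelled on the entries quoted in this thread (not a real dse.ldif).
SAMPLE_DSE = """\
dn: cn=config
nsslapd-security: on

dn: cn=encryption,cn=config
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,
 +rsa_3des_sha,+tls_rsa_export1024_with_rc4_56_sha
nsKeyfile: alias/slapd-birdie-key3.db
nsCertfile: alias/slapd-birdie-cert8.db

dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}, unfolding continuation lines."""
    text = re.sub(r"\n ", "", text)  # RFC 2849: a line starting with one space continues the previous one
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_ssl_config(text):
    """Return a list of findings for the SSL settings discussed in the thread."""
    e = parse_ldif(text)
    get = lambda dn, attr: (e.get(dn, {}).get(attr) or [""])[0]
    enc, rsa = "cn=encryption,cn=config", "cn=rsa,cn=encryption,cn=config"
    findings = []
    if get("cn=config", "nsslapd-security").lower() != "on":
        findings.append("nsslapd-security is not on in cn=config")
    for attr in ("nsKeyfile", "nsCertfile"):
        if not get(enc, attr.lower()):
            findings.append(f"{attr} missing from {enc}")
    if get(rsa, "nssslactivation").lower() != "on":
        findings.append("nsSSLActivation: on missing from cn=RSA,cn=encryption,cn=config")
    # Assumption added here: treat enabled null, export and 40-bit suites as weak.
    ciphers = get(enc, "nsssl3ciphers").split(",")
    weak = [c[1:] for c in ciphers if c.startswith("+") and re.search(r"null|export|_40_", c)]
    if weak:
        findings.append("weak ciphers enabled: " + ",".join(weak))
    return findings
```

Calling check_ssl_config() on the contents of /opt/fedora-ds/slapd-<instance>/config/dse.ldif returns an empty list when none of these conditions apply.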

