Jeff Gamsby wrote:
One problem may be that ldapsearch is trying to verify the hostname in your server cert, which is the value of the cn attribute in the leftmost RDN in your server cert's subject DN. What is the subject DN of your server cert? You can use certutil -L -n Server-Cert as specified in the Howto:SSL to print your cert.

Jeff Gamsby
Center for X-Ray Optics
Lawrence Berkeley National Laboratory
(510) 486-7783

Richard Megginson wrote:

I did, but that didn't work for me. The only thing that I did this time was generate a request from the "Manage Certificates", sign the request using my OpenSSL CA, and install the Server and CA Certs. Then I turned on SSL in the Admin console, and restarted the server.

Jeff Gamsby wrote:

I am trying to get FDS 1.0.2 working in SSL mode. I am using an OpenSSL CA, I have installed the Server Cert and the CA Cert, can start FDS in SSL mode, but when I run

ldapsearch -x -ZZ

I get TLS trace: SSL3 alert write:fatal:unknown CA.

Did you follow this - http://directory.fedora.redhat.com/wiki/Howto:SSL

When I followed the instructions from the link, I couldn't even get FDS to start in SSL mode.

In /etc/ldap.conf, I have put in

TLS_CACERT /path/to/cert

Is this the same /path/to/cacert.pem as below?

Yes

TLSREQCERT allow
ssl on
ssl start_tls

If I run

openssl s_client -connect localhost:636 -showcerts -state -CAfile /path/to/cacert.pem

It looks OK

Please help

Thanks

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
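The hostname check described in the reply above, as an added example that is not part of the thread or of FDS: it takes a subject DN in LDAP string form (most specific RDN first), pulls the cn out of the leftmost RDN, and compares it with the host name the client connects to. The function names and the sample DN are constructed for illustration, and a plain case-insensitive comparison is an assumption about how the client matches names.

```python
import re

def split_unescaped(text, sep):
    """Split text on sep, skipping separators escaped with a backslash."""
    parts, current, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    parts.append("".join(current))
    return parts

def leftmost_cn(subject_dn):
    """Return the cn value of the leftmost RDN, or None if it has no cn."""
    first_rdn = split_unescaped(subject_dn, ",")[0]
    for ava in split_unescaped(first_rdn, "+"):      # multi-valued RDN
        attr, _, value = ava.partition("=")
        if attr.strip().lower() == "cn":
            # Undo single-character escapes such as "\," (hex escapes are left as-is).
            return re.sub(r"\\(.)", r"\1", value.strip())
    return None

def check_hostname(subject_dn, host):
    """Compare the host the client connects to with the cert's leftmost cn."""
    cn = leftmost_cn(subject_dn)
    if cn is None:
        return False, "leftmost RDN has no cn attribute"
    if cn.lower() != host.lower():
        return False, f"cn '{cn}' does not match host '{host}'"
    return True, f"cn '{cn}' matches host '{host}'"

if __name__ == "__main__":
    # Constructed subject DN; substitute the one printed for your Server-Cert.
    subject = "CN=ldap.example.com,O=Example Org,C=US"
    for host in ("localhost", "ldap.example.com"):
        print(host, check_hostname(subject, host))
```

With the constructed DN, a client that connects to localhost fails the comparison while one that connects to ldap.example.com passes.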