Re: SSL problems/questions for Fedora DS 1.02

Dellwo, Martin J. [NCSUS] wrote:

> Hello,
>
> How can one start up Fedora directory (1.02) server instances when one is using SSL? Can it be configured to read the security database password from a file? I believe it may have given me the option initially and I did not take advantage of it, so I am particularly wondering how to set up automatic startup (with no password prompt) after it is already set up to prompt.

Have you seen this?  http://directory.fedora.redhat.com/wiki/Howto:SSL

> Right now, I have slapd running with SSL turned on, but could not restart the admin server after turning it on. I was able to edit two admin server configuration files to turn it back off for the admin server, so now I can start it without SSL. Any pointers to detailed documentation for using SSL with admin server?

http://www.redhat.com/docs/manuals/dir-server/pdf/console71.pdf - chapter 7

> I also now have a new problem where I cannot open the 'Manage Certificates' task for the directory server (slapd) instance itself. In the admin server http logs I get this error
>
> [Thu Jun 22 11:56:06 2006] [notice] [client 10.24.224.137] admserv_host_ip_check: ap_get_remote_host could not resolve xxx.xxx.xxx.xxx

I think this error is benign, especially if you can connect to the admin server via a web browser.

> Even though xxx.xxx.xxx.xxx is the IP address of the local server (both where slapd is running and where I am running the console from). It is properly defined in both the local /etc/hosts and in DNS. At the same time, the console gives a pop-up error, "org.mozilla.ssl.SSLSocketException: SSL_ForceHandshake failed: (-5938) Encountered end of file."
>
> Since I think this could be related to an out-of-date certificate CRL, how can one import new CRLs using command line tools?

There is an NSS command line tool called crlutil which is unfortunately not included with fedora ds. You can find it here - ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/ - just make sure you set your LD_LIBRARY_PATH to /opt/fedora-ds/shared/lib before you run crlutil.

> Thanks,
>   Marty
>
> *--*
> *Martin J. Dellwo*
> /NCS Pharma R&D (Exton)/
> /NCS, a Johnson & Johnson Company/
> /mdellwo@xxxxxxxxxxxxx/


------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
