Marco Bellacosa wrote:
Thanks Richard, Richard Megginson wrote: > Marco Bellacosa wrote: > >> Dear all, >> >> I got problems while restarting my fedora-ds. In particular, >> when I try to start the server via start-slapd I receive the following >> message: >> >> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow: >> verify certificate failed for cert server-cert of family >> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 >> - Peer's Certificate has expired.)>> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\>> >> Then, if I try to menage certificates via console, I am not able to >> log in the console, I get the message: >> >> Cannot connect to the Admin Server ..... >> The URL is not correct or the server is not running. >> >> Therefore, I cannot start the server because my certificate is no more >> valid and I cannot menage certificate because my console doesn't open >> (it seems to me). Can anyone help me? >> Looks like you will have to generate a new server (or CA?) cert. Do you> have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for > some examples of how to use the command line certutil tool. > I followed the examples, but now # start-slapd Enter PIN for Internal (Software) Token: I insert the password and [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.) [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.) [24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid Please, note that I have my new admin-serv-hostname-cert8.db, slapd-hostname-cert8.db and so on and a valid CA certificate.
cd /opt/fedora-ds/alias ../shared/bin/certutil -P slapd-hostname- -d . -L ../shared/bin/certutil -P slapd-hostname- -d . -L -n server-cert ../shared/bin/certutil -P slapd-hostname- -d . -L -n Server-Cert
Thanks in advance, marco >> Fedora-directory-users mailing list >> Fedora-directory-users@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> ------------------------------------------------------------------------> > -- > Fedora-directory-users mailing list > Fedora-directory-users@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
