Dumbo Q wrote:
I just installed a new ssl certificate using pk12util. I restarted my dirsrv, and picked the new cert in the dropdown menu under the encryption tab. I restarted dirsrv to make it take affect. When I did this, I found that the root certificate was not in redhats/openssls ca-bundle. I tried importing the intermediate certificate, and I think I just made the problem worse.The default list of approved root CAs are in a shared library called libnssckbi.so - try thisright now im getting the following.SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert rhds.example.com - Comodo CA Limited of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)[08/Jul/2009:14:18:04 -0400] - SSL failure: None of the cipher are validNow my directory is down completely. How can I get it to start up without SSL so that I can fix the problem?
cd /etc/dirsrv/slapd-yourinstance ln -s /usr/lib/libnssckbi.so
------------------------------------------------------------------------ -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
