Ok, I got the admin server to partially work (took a while to figure out that it uses a different way to get the password from a file for a restart). So it works, but even though the cert path is ok and the cert is ok for SSL server and SSL client, I am getting this warning on logon: "The certificate this server present is either untrusted or unknown. This server can only communicate through a secure connection involving a certificate. Do you wish to accept this certificate anyway? " When I look at the details I see: "this certificate does not contain the correct site name" I am guessing this is because I am using my "*.nsd.org" cert and the admin server requires a specific named cert. Does that sound correct to you? Again, thanks for your help. cheers, ski On 03/03/2010 10:29 AM, Ski Kacoroski wrote: > Rich& Rob, > > I am making some progress. I got it to work partially. My problem was > that it did not like the default digicert root cert (the one I see by > linking to /usr/lib64/libnssckbi.so). When I installed the digicert > root cert that came with the server cert, it worked. I figured this out > by looking at the server cert certification path and seeing it was broken. > > So I am now trying to turn it on for the console by ticking the checkbox > (the admin server is next). It seems to work as I can save the setting > and then I restart the services. However, when I go into the console > and try to either "Manage Certs" or choose Configuration->Encryption I > get a dialog that shows up twice: > > "An error has occurred, Could not open file (null). File does not exist > or filename is invalid." > > I am able to untick the use ssl in console option and then I can manage > my certs again. > > Any ideas on what is going on here. > > Again, thanks very much for your help. > > cheers, > > ski > > On 03/03/2010 08:46 AM, Rich Megginson wrote: >> Ski Kacoroski wrote: >>> Ok, looks like I need to reboot the entire server to get the admin >>> console stop server functionality to work. >> You probably could have just restarted the directory server and admin >> server: >> service dirsrv restart >> service dirsrv-admin restart >>> Now, has anyone had any luck >>> using a * cert with the 389 server? >>> >> What problems are you having still? >>> cheers, >>> >>> ski >>> >>> On 03/02/2010 03:24 PM, Ski Kacoroski wrote: >>> >>>> Hi, >>>> >>>> I am having problems with SSL setup. First I tried via the admin >>>> console to use our company's star cert, but no matter what [in/password >>>> I picked for the keystore, when I tried to restart the server it would >>>> not accept my pin/password that I had just entered. I then gave up and >>>> ran the setupssl2.sh script and this worked except that it threw an >>>> error when trying to modify the directory to turn on ssl. So I went in >>>> via the admin console and was able to turn on ssl for the admin console >>>> and my directory. The problem now is that I cannot stop the server from >>>> the admin console (I can start it ok). I just get a dialog with >>>> "Directory Server nsd-org could not be stopped". Any ideas on why when >>>> I can start the server ok? Also has any one else made this work with a >>>> star cert? >>>> >>>> cheers, >>>> >>>> ski >>>> >>>> >>> >>> >> >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > -- "When we try to pick out anything by itself, we find it connected to the entire universe" John Muir Chris "Ski" Kacoroski, ckacoroski@xxxxxxx, 206-501-9803 or ski98033 on most IM services -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
