Ski Kacoroski wrote: > Ah, I do not get this error when I connect to the IP, only to the > hostname. I am also getting a lot of notices for: > > admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.10 > > even though I have defined in the /etc/hosts file and in dns: > > ;; ANSWER SECTION: > 10.9.1.10.in-addr.arpa. 86400 IN PTR ldaptest.nsd.org. > > Very strange. > look for HostnameLookups in /etc/dirsrv/admin-serv/console.conf See also http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt for why the admin server is attempting to perform hostname lookups > ski > > On 03/03/2010 11:14 AM, Ski Kacoroski wrote: > >> Ok, I got the admin server to partially work (took a while to figure out >> that it uses a different way to get the password from a file for a >> restart). So it works, but even though the cert path is ok and the cert >> is ok for SSL server and SSL client, I am getting this warning on logon: >> >> "The certificate this server present is either untrusted or unknown. >> This server can only communicate through a secure connection >> involving a certificate. >> Do you wish to accept this certificate anyway? >> " >> >> When I look at the details I see: >> >> "this certificate does not contain the correct site name" >> >> I am guessing this is because I am using my "*.nsd.org" cert and the >> admin server requires a specific named cert. Does that sound correct to >> you? >> >> Again, thanks for your help. >> >> cheers, >> >> ski >> >> On 03/03/2010 10:29 AM, Ski Kacoroski wrote: >> >>> Rich& Rob, >>> >>> I am making some progress. I got it to work partially. My problem was >>> that it did not like the default digicert root cert (the one I see by >>> linking to /usr/lib64/libnssckbi.so). When I installed the digicert >>> root cert that came with the server cert, it worked. I figured this out >>> by looking at the server cert certification path and seeing it was broken. >>> >>> So I am now trying to turn it on for the console by ticking the checkbox >>> (the admin server is next). It seems to work as I can save the setting >>> and then I restart the services. However, when I go into the console >>> and try to either "Manage Certs" or choose Configuration->Encryption I >>> get a dialog that shows up twice: >>> >>> "An error has occurred, Could not open file (null). File does not exist >>> or filename is invalid." >>> >>> I am able to untick the use ssl in console option and then I can manage >>> my certs again. >>> >>> Any ideas on what is going on here. >>> >>> Again, thanks very much for your help. >>> >>> cheers, >>> >>> ski >>> >>> On 03/03/2010 08:46 AM, Rich Megginson wrote: >>> >>>> Ski Kacoroski wrote: >>>> >>>>> Ok, looks like I need to reboot the entire server to get the admin >>>>> console stop server functionality to work. >>>>> >>>> You probably could have just restarted the directory server and admin >>>> server: >>>> service dirsrv restart >>>> service dirsrv-admin restart >>>> >>>>> Now, has anyone had any luck >>>>> using a * cert with the 389 server? >>>>> >>>>> >>>> What problems are you having still? >>>> >>>>> cheers, >>>>> >>>>> ski >>>>> >>>>> On 03/02/2010 03:24 PM, Ski Kacoroski wrote: >>>>> >>>>> >>>>>> Hi, >>>>>> >>>>>> I am having problems with SSL setup. First I tried via the admin >>>>>> console to use our company's star cert, but no matter what [in/password >>>>>> I picked for the keystore, when I tried to restart the server it would >>>>>> not accept my pin/password that I had just entered. I then gave up and >>>>>> ran the setupssl2.sh script and this worked except that it threw an >>>>>> error when trying to modify the directory to turn on ssl. So I went in >>>>>> via the admin console and was able to turn on ssl for the admin console >>>>>> and my directory. The problem now is that I cannot stop the server from >>>>>> the admin console (I can start it ok). I just get a dialog with >>>>>> "Directory Server nsd-org could not be stopped". Any ideas on why when >>>>>> I can start the server ok? Also has any one else made this work with a >>>>>> star cert? >>>>>> >>>>>> cheers, >>>>>> >>>>>> ski >>>>>> >>>>>> >>>>>> >>>>> >>>> -- >>>> 389 users mailing list >>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >>>> https://admin.fedoraproject.org/mailman/listinfo/389-users >>>> > > -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
