Rich,

Thanks for all your help. I got it all working like I expect except I still get the errors in the logs about admserv_host_ip_check's. I really do not want to turn on HostnameLookups so is there any way to stop the notices so they do not fill up the logs? I searched the documentation and could not find out how to do this. Also I could not find anything in http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt about hostname lookups (did I just miss it?).

Thanks again for your time and help.

cheers,

ski

On 03/03/2010 07:05 PM, Rich Megginson wrote:
> Ski Kacoroski wrote:
>> Ah, I do not get this error when I connect to the IP, only to the
>> hostname. I am also getting a lot of notices for:
>>
>> admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.10
>>
>> even though I have defined in the /etc/hosts file and in dns:
>>
>> ;; ANSWER SECTION:
>> 10.9.1.10.in-addr.arpa. 86400 IN PTR ldaptest.nsd.org.
>>
>> Very strange.
>>
> look for HostnameLookups in /etc/dirsrv/admin-serv/console.conf
>
> See also
> http://directory.fedoraproject.org/wiki/Howto:AdminServerLDAPMgmt for
> why the admin server is attempting to perform hostname lookups
>> ski
>>
>> On 03/03/2010 11:14 AM, Ski Kacoroski wrote:
>>
>>> Ok, I got the admin server to partially work (took a while to figure out
>>> that it uses a different way to get the password from a file for a
>>> restart). So it works, but even though the cert path is ok and the cert
>>> is ok for SSL server and SSL client, I am getting this warning on logon:
>>>
>>> "The certificate this server present is either untrusted or unknown.
>>> This server can only communicate through a secure connection
>>> involving a certificate.
>>> Do you wish to accept this certificate anyway?
>>> "
>>>
>>> When I look at the details I see:
>>>
>>> "this certificate does not contain the correct site name"
>>>
>>> I am guessing this is because I am using my "*.nsd.org" cert and the
>>> admin server requires a specific named cert. Does that sound correct to
>>> you?
>>>
>>> Again, thanks for your help.
>>>
>>> cheers,
>>>
>>> ski
>>>
>>> On 03/03/2010 10:29 AM, Ski Kacoroski wrote:
>>>
>>>> Rich & Rob,
>>>>
>>>> I am making some progress. I got it to work partially. My problem was
>>>> that it did not like the default digicert root cert (the one I see by
>>>> linking to /usr/lib64/libnssckbi.so). When I installed the digicert
>>>> root cert that came with the server cert, it worked. I figured this out
>>>> by looking at the server cert certification path and seeing it was broken.
>>>>
>>>> So I am now trying to turn it on for the console by ticking the checkbox
>>>> (the admin server is next). It seems to work as I can save the setting
>>>> and then I restart the services. However, when I go into the console
>>>> and try to either "Manage Certs" or choose Configuration->Encryption I
>>>> get a dialog that shows up twice:
>>>>
>>>> "An error has occurred, Could not open file (null). File does not exist
>>>> or filename is invalid."
>>>>
>>>> I am able to untick the use ssl in console option and then I can manage
>>>> my certs again.
>>>>
>>>> Any ideas on what is going on here.
>>>>
>>>> Again, thanks very much for your help.
>>>>
>>>> cheers,
>>>>
>>>> ski
>>>>
>>>> On 03/03/2010 08:46 AM, Rich Megginson wrote:
>>>>
>>>>> Ski Kacoroski wrote:
>>>>>
>>>>>> Ok, looks like I need to reboot the entire server to get the admin
>>>>>> console stop server functionality to work.
>>>>>>
>>>>> You probably could have just restarted the directory server and admin
>>>>> server:
>>>>> service dirsrv restart
>>>>> service dirsrv-admin restart
>>>>>
>>>>>> Now, has anyone had any luck
>>>>>> using a * cert with the 389 server?
>>>>>>
>>>>>>
>>>>> What problems are you having still?
>>>>>
>>>>>> cheers,
>>>>>>
>>>>>> ski
>>>>>>
>>>>>> On 03/02/2010 03:24 PM, Ski Kacoroski wrote:
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am having problems with SSL setup. First I tried via the admin
>>>>>>> console to use our company's star cert, but no matter what pin/password
>>>>>>> I picked for the keystore, when I tried to restart the server it would
>>>>>>> not accept my pin/password that I had just entered. I then gave up and
>>>>>>> ran the setupssl2.sh script and this worked except that it threw an
>>>>>>> error when trying to modify the directory to turn on ssl. So I went in
>>>>>>> via the admin console and was able to turn on ssl for the admin console
>>>>>>> and my directory. The problem now is that I cannot stop the server from
>>>>>>> the admin console (I can start it ok). I just get a dialog with
>>>>>>> "Directory Server nsd-org could not be stopped". Any ideas on why when
>>>>>>> I can start the server ok? Also has any one else made this work with a
>>>>>>> star cert?
>>>>>>>
>>>>>>> cheers,
>>>>>>>
>>>>>>> ski
>>>>>>>
>>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>
>>
>

--
"When we try to pick out anything by itself, we find it connected to the
entire universe" John Muir

Chris "Ski" Kacoroski, ckacoroski@xxxxxxx, 206-501-9803
or ski98033 on most IM services
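
Added example, not part of the original thread: a small cross-check of the addresses named in admserv_host_ip_check notices against PTR answer lines, confirming that the reverse name for 10.1.9.10 is the 10.9.1.10.in-addr.arpa record quoted above. The log prefix, timestamps and the 10.1.9.77 client are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: only the admserv_host_ip_check text and the PTR line
# come from the thread; timestamps, log prefix and 10.1.9.77 are made up.
ERROR_LOG = """\
[Wed Mar 03 18:40:01 2010] [notice] [client 10.1.9.10] admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.10
[Wed Mar 03 18:40:07 2010] [notice] [client 10.1.9.10] admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.10
[Wed Mar 03 18:41:12 2010] [notice] [client 10.1.9.77] admserv_host_ip_check: ap_get_remote_host could not resolve 10.1.9.77
[Wed Mar 03 18:41:30 2010] [notice] caught SIGTERM, shutting down
"""
DIG_ANSWERS = """\
;; ANSWER SECTION:
10.9.1.10.in-addr.arpa. 86400 IN PTR ldaptest.nsd.org.
"""

NOTICE_RE = re.compile(
    r"admserv_host_ip_check: ap_get_remote_host could not resolve (\S+)")


def unresolved_addresses(log_text):
    """Return {ip_address: notice_count} for every lookup-failure notice."""
    counts = {}
    for match in NOTICE_RE.finditer(log_text):
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an address literal; skip rather than guess
        counts[addr] = counts.get(addr, 0) + 1
    return counts


def ptr_records(dig_text):
    """Parse 'name TTL IN PTR target' answer lines into {name: target}."""
    records = {}
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2:4] == ["IN", "PTR"]:
            records[fields[0].rstrip(".").lower()] = fields[4].rstrip(".")
    return records


def cross_check(log_text, dig_text):
    """List (ip, notices, expected PTR owner name, PTR target or None)."""
    ptrs = ptr_records(dig_text)
    rows = []
    for addr, count in sorted(unresolved_addresses(log_text).items(),
                              key=lambda item: str(item[0])):
        owner = addr.reverse_pointer  # 10.1.9.10 -> 10.9.1.10.in-addr.arpa
        rows.append((str(addr), count, owner, ptrs.get(owner)))
    return rows


if __name__ == "__main__":
    for row in cross_check(ERROR_LOG, DIG_ANSWERS):
        print(row)
```

A row whose last field is None names an address with no matching PTR line in the supplied answers; a row with a target shows the record exists even though the notice was logged.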