[389-users] Console breaks when enabling no anoymous binding
Gerrard Geldenhuis
Gerrard.Geldenhuis at betfair.com
Tue Aug 10 16:28:56 UTC 2010
>>> What's not necessary? Note that the admin server and directory server
>>> have separate cert databases. Also note that the NSS crypto team is
>>> working towards a unified system-wide cert db.
>>>
>>
>> That could have been more clear, I meant that a lack of certs in the Admin Server db should not cause an error when trying to access cert information in the >directory server db. But as I said that is from 10 000 feet viewpoint.
>>
>The SSL client must have a CA cert. In this case, the SSL client is the
>Admin Server, and the SSL server is the configuration directory server
>(the directory server that holds o=NetscapeRoot). When the "Use SSL in
>Console" is selected, the console and admin server will use SSL to
>contact the configuration DS.
Just to clarify this.
Do I only need the CA cert in the /etc/dirsrv/admin-serv/ cert database or do I need the server CA in there as well. If so I could for all intents and purposes copy /etc/dirsrv/slapd-testserver/*.db to /etc/dirsrv/admin-serv/ ?
Also I am not sure where the certdb password for /etc/dirsrv/admin-serv/ is stored?
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
More information about the 389-users
mailing list