[389-users] Console breaks when enabling no anonymous binding

Rich Megginson rmeggins at redhat.com
Tue Aug 10 16:39:05 UTC 2010


Gerrard Geldenhuis wrote:
>>>> What's not necessary?  Note that the admin server and directory server
>>>> have separate cert databases.  Also note that the NSS crypto team is
>>>> working towards a unified system-wide cert db.
>>>>
>>>>         
>>> That could have been more clear, I meant that a lack of certs in the Admin Server db should not cause an error when trying to access cert information in the directory server db. But as I said that is from 10 000 feet viewpoint.
>>>
>>>       
>> The SSL client must have a CA cert.  In this case, the SSL client is the
>> Admin Server, and the SSL server is the configuration directory server
>> (the directory server that holds o=NetscapeRoot).  When the "Use SSL in
>> Console" is selected, the console and admin server will use SSL to
>> contact the configuration DS.
>>     
>
> Just to clarify this.
>
> Do I only need the CA cert in the /etc/dirsrv/admin-serv/ cert database
You only need the CA cert in there for the client side of SSL.
> or do I need the server CA in there as well.
I think you mean server cert.  No, you do not need the server cert for 
SSL client.  However, if you want the admin server to be an SSL server, 
you will need the server cert.
> If so I could for all intents and purposes copy /etc/dirsrv/slapd-testserver/*.db to /etc/dirsrv/admin-serv/ ?
>   
Yes.
> Also I am not sure where the certdb password for /etc/dirsrv/admin-serv/ is stored?
>   
You don't need the password for SSL client.
> Regards
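The check this reply describes, as an added example that is not part of the original message: it reads a `certutil -L` listing of the admin server's cert database and reports whether it holds a CA cert trusted for SSL, which is what the SSL client side needs. The function names and the sample listings are constructed for illustration; on a real host, pipe in `certutil -L -d /etc/dirsrv/admin-serv`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample listings are constructed.

# Read `certutil -L -d <dir>` output on stdin and print the nickname of every
# cert whose SSL trust field (first of SSL,S/MIME,JAR/XPI) contains "C",
# the NSS flag for a CA trusted to issue server certificates.
ssl_trusted_cas() {
    awk '
        # Data rows end in a trust triple such as "CT,," or "u,u,u".
        NF >= 2 && $NF ~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ {
            split($NF, trust, ",")
            if (trust[1] ~ /C/) {
                nick = $0
                sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
                sub(/^[ \t]+/, "", nick)
                print nick
            }
        }'
}

# Exit 0 if the listing on stdin has at least one SSL-trusted CA, else 1.
check_ssl_client_db() {
    cas=$(ssl_trusted_cas)
    if [ -n "$cas" ]; then
        printf 'SSL-trusted CA cert(s):\n%s\n' "$cas"
        return 0
    fi
    echo 'no CA cert trusted for SSL in this cert db' >&2
    return 1
}

# Constructed listing: a CA cert plus a server cert (admin server as SSL server too).
SAMPLE_OK='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
Server-Cert                                                  u,u,u'

# Constructed listing: server cert only, no CA the SSL client could trust.
SAMPLE_MISSING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u'

# Demo on the constructed data; real use:
#   certutil -L -d /etc/dirsrv/admin-serv | check_ssl_client_db
printf '%s\n' "$SAMPLE_OK" | check_ssl_client_db
```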



