[389-users] Problems with SSL

Rich Megginson rmeggins at redhat.com
Wed Mar 3 16:45:15 UTC 2010


Ski Kacoroski wrote:
> Hi,
>
> I am having problems with SSL setup.  First I tried via the admin 
> console to use our company's star cert,
What exactly did you do?  Note that if you have an existing server 
cert+key, you'll have to import that as a pkcs12 file (which contains 
both the server cert and private key, encrypted).  You may also have to 
import the CA cert if the CA that issued your cert is not chain-able up 
to one of the NSS default root CAs.
> but no matter what pin/password 
> I picked for the keystore, when I tried to restart the server it would 
> not accept my pin/password that I had just entered.
Did you try setting up a pin.txt file?
> I then gave up and 
> ran the setupssl2.sh script and this worked except that it threw an 
> error when trying to modify the directory to turn on ssl.
What error?
> So I went in 
> via the admin console and was able to turn on ssl for the admin console 
> and my directory.  The problem now is that I cannot stop the server from 
> the admin console (I can start it ok).  I just get a dialog with 
> "Directory Server nsd-org could not be stopped".
Run the console with 389-console -D 9 -f console.log - see if there are 
any clues in the log.
Also check the admin server logs - /var/log/dirsrv/admin-serv
> Any ideas on why when 
> I can start the server ok?  Also has anyone else made this work with a 
> star cert?
>   
Star (wildcard) certs are not recommended - it is better to use 
subjectAltName certs - but they should work.
> cheers,
>
> ski
>
>   
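
Added example, not part of the original message or of the 389 project's scripts: the import path described in the reply above (existing cert+key bundled as PKCS#12, imported into the instance's NSS database, optional CA cert, then a pin.txt file). The database directory (derived from the nsd-org instance name in the thread), the file names and the "Server-Cert" / "CA certificate" nicknames are assumptions.

```shell
#!/bin/sh
# Added example. Paths, file names and nicknames are assumptions; adjust them.
INSTANCE_DIR="${INSTANCE_DIR:-/etc/dirsrv/slapd-nsd-org}"  # assumed NSS db directory

# Bundle an existing server cert and private key into an encrypted PKCS#12 file.
# openssl prompts for the export password, so it never appears in argv.
make_p12() {  # usage: make_p12 server.crt server.key server.p12
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "Server-Cert"
}

# Import the PKCS#12 bundle into the NSS database. If a CA cert file is given
# (needed when the issuer does not chain to an NSS default root), add it as a
# trusted CA, then list the database so the nicknames can be checked.
import_certs() {  # usage: import_certs server.p12 [ca.crt]
    pk12util -i "$1" -d "$INSTANCE_DIR" || return 1
    if [ -n "$2" ]; then
        certutil -A -d "$INSTANCE_DIR" -n "CA certificate" -t "CT,," -a -i "$2" || return 1
    fi
    certutil -L -d "$INSTANCE_DIR"
}

# Write pin.txt so the server can unlock the key database at startup without
# prompting. The pin is read from stdin and the file is created owner-only.
write_pin_file() {  # usage: write_pin_file DIR   (pin on stdin)
    dir="$1"
    IFS= read -r pin || [ -n "$pin" ] || return 1
    [ -n "$pin" ] || return 1            # refuse an empty pin
    rm -f "$dir/pin.txt"                 # an old read-only file would block the write
    ( umask 077
      printf 'Internal (Software) Token:%s\n' "$pin" > "$dir/pin.txt" ) || return 1
    chmod 400 "$dir/pin.txt"
}
```

The pin written to pin.txt must be the one that protects the NSS key database, and the file has to be readable by the account the directory server runs as.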



