Hi, <br>
today, I'm trying to solve ssl issue to comunicate from DS Fedora to
both client and another DS server for replication..after many test,
with your help I catched up this point:<br>
<br>
I'm always in alias directory.<br>
<br>
Create my CA database:<br>
<pre style="margin: 0em;"><br># ../shared/bin/certutil -N -d .<br><br>Make my self CA:<br><br><tt># ../shared/bin/certutil -S -d . -n 'CA Certificate' -s 'cn=CAcert' -x <br></tt><tt>-t CTu,CTu,CTu -g 1024 -m 1 -v 120 -2 -1 -5
<br><br>Create server key and certificate for server1:<br><br></tt><tt># ../shared/bin/</tt><tt>certutil -R -d . -s "cn=nodo1,dc=domain,dc=example,dc=com" -o tmpcertreq <br></tt><tt>-g 1024<br></tt><tt># ../shares/bin/certutil -C -d . -c "CA Certificate" -i tmpcertreq -o
tmpcert.der -m 3 -v 12 <br></tt><tt>-1 -5 -8 <a href="http://domain.example.com">domain.example.com</a><br></tt># ../shared/bin/certutil -A -d . -n <a href="http://nodo1.domain.example.com">nodo1.domain.example.com</a> -t u,u,u -i
tmpcert.der<br>#rm -f tmpcert.der tmpcertreq<br><br>Create server key and certificate for server2:<br><br><tt># ../shared/bin/</tt><tt>certutil -R -d . -s "cn=nodo2,dc=domain,dc=example,dc=com" -o tmpcertreq <br>
</tt><tt>-g 1024<br></tt><tt># ../shares/bin/certutil -C -d . -c "CA Certificate" -i tmpcertreq -o tmpcert.der -m 4 -v 12 <br></tt><tt>-1 -5 -8 <a href="http://domain.example.com">domain.example.com</a></tt><br>
# ../shared/bin/certutil -A -d . -n Alt-Cert -t u,u,u -i tmpcert.der<br>#rm -f tmpcert.der tmpcertreq<br> <br>After that I copy database on server 2 and rename it to match with correct server...finally I enable ssl encrypt on both servers
<br>and I try to establish Multi Master Replication via mmr.pl script...so:<br><br>./mmr.pl --host1 <a href="http://nodo1.domain.example.com">nodo1.domain.example.com</a> --host2 <a href="http://nodo2.domain.example.com">
nodo2.domain.example.com</a> --host1_id 1 --host2_id 2 --bindpw secret<br>--repmanpw secret --create --with-ssl<br><br>unfortunately consulting logs I find:<br><br>NSMMReplicationPlugin - agmt="cn="Replication<br>
to <a href="http://nodo2.domain.example.com">nodo2.domain.example.com</a>"" (nodo2:636): Simple bind failed, LDAP sdk<br>error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error<br>-5961 (TCP connection reset by peer.)
<br><br></pre>
It's incredible that when I find solution for something, at the same time I find problem in another point :-)<br>
<br>
Thanks in advance for support<br>
<br>
Alex<br>
<br>
<br>
<br>