Hello All,<div><br></div><div>I was wondering if anyone could help me with this setup. I have would like to have 2 ldap servers specified on the clients using SSSD. </div><div><br></div><div>Without TLS/Encryption (PAD NSS) it works just fine, however, the moment I turn on TLS/StratTLS only one server works whereas other does not and gives the "Certification Not trusted" error.</div>
<div><br></div><div>Here what I did.</div><div><br></div><div><div>certutil -S -n "CA certificate" -s "cn=My Org CA cert,dc=my,dc=net" -2 -x -t "CT,," -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile</div>
<div><br></div><div># Generate Directory server clients certs</div><div>certutil -S -n "Server-Cert" -s "cn=<a href="http://ldap.my.net">ldap.my.net</a>" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -f /tmp/pwdfile</div>
<div><br></div><div># Export it for ldap clients and other servers</div><div>certutil -d . -L -n "CA certificate" -a > cacert.asc</div><div><br></div><div>Then I imported the same cacert.asc file to another 389 server using "certutil". And copied it at the client as well. </div>
<div><br></div><div>I would see the certificate got imported in the GUI console but due to some reason everytime I query from the client to secondary server (where I imported the key) it just does not work.</div><div><br>
</div><div>Would appreciate any help. Not sure what step I am using or what am I doing wrong.</div><div><br></div><div>Thanks</div><div>Chandan</div><div><br></div></div><br><br>-- <br><br><div>--</div><div><a href="http://about.me/chandank" target="_blank">http://about.me/chandank</a><br>
</div><br>