I was installing old netscape-communicator when I posted last, and the db's it created
got me further:
Dec 20 12:07:02 solarisldap nscd[2100]: libldap: CERT_VerifyCertName: cert server name
'server-cert' does not match 'ldapserver': SSL connection denied
Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 85 Mesg: openConnection: simple
bind failed - Timed out
Dec 20 12:07:02 solarisldap nscd[2100]: libsldap: Status: 7 Mesg: Session error no
available conn.
So at least I got here... I'll look around some more to try and disable this
verifycertname crap, or re-create the cert correctly.
Thanks again.
On Tue, 2005-12-20 at 12:09 -0600, Michael Montgomery wrote:
Thanks, I'll give these a shot...
On Tue, 2005-12-20 at 10:03 -0800, George Holbert wrote:
> >
> > Solaris 8 and Solaris 9 look for cert7.db, not cert8.db.
>
> Furthermore,
> Some versions of certutil will generate a certificate DB called
> cert7.db, but Solaris still won't like it.
>
> I've found that certutil as bundled in the Sun DSRK works well for
> generating Solaris client cert DBs:
>
http://www.sun.com/download/products.xml?id=3f74a0db
>
> NSS 3.3.2 should also work:
>
http://www.mozilla.org/projects/security/pki/nss/release_notes_332.html
>
>