The SSL client (in this case, the replication supplier) still needs to
verify the SSL server (in this case, the replication consumer)
certificate in order for SSL to work. It should be sufficient for the
supplier to have the certificate of the CA that issued the consumer's
certificate in its cert db.
Susan wrote:
Hi, all. Trying to setup replication over SSL, without certificates.
In the UI, I said "Simple
Authentication.", gave it the bind dn & password. (The name/pass pair work fine
if non-SSL
replication is used.)
Anyway, in the consumer log, I see this:
[18/Jan/2006:11:50:56 -0500] conn=66 fd=72 slot=72 SSL connection from 129.85.70.110 to
129.85.86.65
[18/Jan/2006:11:50:56 -0500] conn=66 op=-1 fd=72 closed - SSL peer cannot verify your
certificate.
What's the deal? Why is it trying to verify certs???
on the supplier, I see this:
[18/Jan/2006:11:44:47 -0500] NSMMReplicationPlugin - agmt="cn=main"
(cnjldap01:636): Simple bind
failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape Portable Runtime error
-8054
(unknown)
How come it failed??
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users