--- Alex aka Magobin <magobin(a)gmail.com> wrote:
As suggested, I checked if ssl worked....to test it I did a fresh
install and I corrected the problem about node, now each node use its
real address and name (I moved in future cluster configuration)...
Do a fresh install. Shut the server down and tarball the /opt/fedora-ds directory, stash
somewhere safe. It helped me a lot because whenever I would screw something up, I would
just rm
-fr /opt/fedora-ds; tar xvf fedora.bkup.tar and I'd have a fresh good install ready to
test again.
That way you don't have to go thru the whole rpm -e, rpm -Uvh, setup business.
Then run this (make sure you have noise.txt and pwdfile.txt):
run it from /opt/fedora-ds/alias :
#!/bin/sh
../shared/bin/certutil -N -d . -f pwdfile.txt
../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt
../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t
"CT,," -m 1000 -v 120 -d . -z
noise.txt -f pwdfile.txt
../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c
"CA certificate" -t "u,u,u" -m
1001 -v 120 -d . -z noise.txt -f pwdfile.txt
echo moving key..
mv key3.db slapd-node1-key3.db
mv cert8.db slapd-node1-cert8.db
ln -s slapd-node1-key3.db key3.db
ln -s slapd-node1-cert8.db cert8.db
echo pk..
../shared/bin/pk12util -d . -P slapd-node1- -o servercert.pfx -n Server-Cert
(replace node1 with your hostname)
Then when you enable SSL, the certificate should appear in the window. Choose your server
cert
and then it'll all work. I had to script the above because like you, it took me about
5 tries to
get it going correctly.
btw, I had to use different noise/password files for each server's cert. Not sure
why, perhaps
something else I was doing wrong...
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com