Hi,
Thanks for the advice! Although I don't yet understand what was wrong with the console
client, those tests proved that the database was in fact empty. I then installed the certs
via certutil and the server started up first time :)
cya
Craig
On Tue, Oct 04, 2011 at 10:54:15AM -0600, Rich Megginson wrote:
On 10/04/2011 01:17 AM, Craig T wrote:
>Hi,
>
>Setup:
>Fedora 15 x64
>* 389-admin-1.1.23-1.fc15.x86_64
>* 389-admin-console-1.1.8-1.fc15.noarch
>* 389-admin-console-doc-1.1.8-1.fc15.noarch
>* 389-adminutil-1.1.14-1.fc15.x86_64
>* 389-console-1.1.7-1.fc15.noarch
>* 389-ds-1.2.2-1.fc15.noarch
>* 389-ds-base-1.2.9.10-2.fc15.x86_64
>* 389-ds-base-libs-1.2.9.10-2.fc15.x86_64
>* 389-ds-console-1.2.6-1.fc15.noarch
>* 389-ds-console-doc-1.2.6-1.fc15.noarch
>* 389-dsgw-1.1.7-2.fc15.x86_64
>
>Disclaimer:
>I'm pretty new to 389 Directory Server so this might be a simple question.
>
>Goal:
>I am attempting to install a CA & server certificate, which I have signed by my own openssl CA.
>
>My Steps:
>After using the 389 Console to generate my certificate request, I was then able to sign it with my openssl CA and install the cert (plus CA cert) into the 389 Directory Server without issue. I then chose the:
>- "Enable SSL for this server" option and selected the security device and server cert "server-crt2".
>- I checked the CA cert and it showed that there were no broken links in the certification paths.
>
>Issue:
>After restarting Directory Server, I was surprised to see the following error;
>-----------------------------------------------------------------------------------------
>[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Can't find certificate (server-cert2) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
>[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert2 of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
>[04/Oct/2011:17:39:09 +1100] - SSL failure: None of the cipher are valid
>[04/Oct/2011:17:39:09 +1100] - ERROR: SSL Initialization phase 2 Failed.
>-----------------------------------------------------------------------------------------
>
>
>I feel like I must be missing something pretty obvious, any suggestions?

ls -al /etc/dirsrv/slapd-yourinstance
certutil -d /etc/dirsrv/slapd-yourinstance -L

If it doesn't show a cert named "server-cert2" then it is possible that the console did not properly install the SSL cert.

>cya
>
>Craig
>--
>389 users mailing list
>389-users(a)lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/389-users
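
Added example, not part of the thread: a shell sketch of the check suggested above, comparing the nickname configured under cn=RSA,cn=encryption,cn=config with the nicknames that `certutil -L` lists. The function names and sample data are constructed, and it assumes the nickname is stored in the `nsSSLPersonalitySSL` attribute of `dse.ldif` on a single unfolded line.

```shell
#!/bin/sh
# Added example: hypothetical function names, constructed sample data.

# Print the nickname configured in the cn=RSA encryption entry (LDIF on stdin).
configured_nickname() {
    awk 'tolower($0) ~ /^dn: cn=rsa,cn=encryption,cn=config/ { rsa = 1; next }
         /^$/ { rsa = 0 }
         rsa && tolower($1) == "nssslpersonalityssl:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Print one nickname per line from `certutil -L` output on stdin. Data rows end
# in a trust field such as "u,u,u" or "CT,,"; the two header rows do not.
db_nicknames() {
    awk 'NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
             sub(/[ \t]+[^ \t]+[ \t]*$/, ""); print }'
}

# check_nickname DSE_LDIF CERTUTIL_LISTING
# Returns 0 if the configured nickname is in the listing, 1 if not, 2 if unset.
check_nickname() {
    nick=$(configured_nickname < "$1")
    [ -n "$nick" ] || { echo "no nsSSLPersonalitySSL under cn=RSA"; return 2; }
    if db_nicknames < "$2" | grep -Fxq -- "$nick"; then
        echo "OK: \"$nick\" is in the certificate database"
    else
        echo "MISSING: \"$nick\" is configured but the database holds:"
        db_nicknames < "$2" | sed 's/^/  /'
        return 1
    fi
}

# Constructed samples: a dse.ldif fragment and two certutil listings.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/dse.ldif" <<'EOF'
dn: cn=RSA,cn=encryption,cn=config
cn: RSA
nsSSLPersonalitySSL: server-cert2
nsSSLActivation: on

dn: cn=features,cn=config
EOF
printf '%s\n' '' 'Certificate Nickname            Trust Attributes' \
    '                                SSL,S/MIME,JAR/XPI' '' > "$SAMPLES/empty.txt"
{ cat "$SAMPLES/empty.txt"; printf '%s\n' 'My CA cert      CT,,' \
    'server-cert2    u,u,u'; } > "$SAMPLES/installed.txt"
check_nickname "$SAMPLES/dse.ldif" "$SAMPLES/empty.txt" || echo "(exit status $?)"
check_nickname "$SAMPLES/dse.ldif" "$SAMPLES/installed.txt"
```

On a real instance the two inputs would be `/etc/dirsrv/slapd-yourinstance/dse.ldif` and the saved output of the `certutil -d /etc/dirsrv/slapd-yourinstance -L` command from the reply.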