Howdy -
Posting this to the list just because Google searches didn't tell me. Very possible I was asking the wrong question, but here's what I was searching for.
How do you disable SSL at startup for Fedora Directory Server (389)?
In /etc/dirsrv/slapd-[hostname]/dse.ldif, change the line:
nsslapd-security: on
to:
nsslapd-security: off
Back story: I was messing about with SSL certificates and I did something wrong. Not sure what yet, but since my cert was borked, after I installed it, 389 wouldn't start. Since the LDAP server wouldn't start, the admin server wouldn't allow me to log in. I was kind of screwed.
Once I set the LDAP server to start without SSL, I was able to log in and now I can (hopefully) figure out what I did wrong with the certificate.
The error I was getting was:
/var/log/dirsrv/slapd-e510/errors:[24/Apr/2010:18:12:30 -0500] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert e510 server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)
Thomas Cameron wrote:
> Howdy -
> Posting this to the list just because Google searches didn't tell me. Very possible I was asking the wrong question, but here's what I was searching for.
> How do you disable SSL at startup for Fedora Directory Server (389)?
> In /etc/dirsrv/slapd-[hostname]/dse.ldif, change the line:
> nsslapd-security: on
> to:
> nsslapd-security: off
> Back story: I was messing about with SSL certificates and I did something wrong. Not sure what yet, but since my cert was borked, after I installed it, 389 wouldn't start. Since the LDAP server wouldn't start, the admin server wouldn't allow me to log in. I was kind of screwed.
> Once I set the LDAP server to start without SSL, I was able to log in and now I can (hopefully) figure out what I did wrong with the certificate.
> The error I was getting was:
> /var/log/dirsrv/slapd-e510/errors:[24/Apr/2010:18:12:30 -0500] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert e510 server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 - Peer's Certificate issuer is not recognized.)
How did you generate the server cert 'e510 server-cert'? Did you import the CA cert of the CA that issued this cert?
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
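Added example (not part of the original thread and not 389 project code): a Python sketch of the dse.ldif change described in the first post, scoped to the `dn: cn=config` entry so no other entry is touched, and usable to set the value back to `on` once the certificate is fixed. The sample LDIF is constructed, the `.bak` backup name is a hypothetical choice, and it assumes the server is stopped, as it was in the post.

```python
import re
import shutil

# Constructed sample shaped like a dse.ldif excerpt (not from a real server).
SAMPLE_DSE = """\
dn: cn=config
objectClass: top
cn: config
nsslapd-port: 389
nsslapd-security: on

dn: cn=encryption,cn=config
objectClass: top
cn: encryption
"""

def set_security(ldif_text, value):
    """Set nsslapd-security in the 'dn: cn=config' entry only.

    Returns (new_text, old_value); old_value is None if the attribute
    was not found there, in which case the text is returned unchanged.
    """
    if value not in ("on", "off"):
        raise ValueError("value must be 'on' or 'off'")
    out, old, in_config = [], None, False
    for line in ldif_text.splitlines(keepends=True):
        if not line.strip():
            in_config = False                      # blank line ends an entry
        elif line[:3].lower() == "dn:":
            in_config = re.fullmatch(r"dn:\s*cn=config", line.strip(), re.I) is not None
        m = re.match(r"(nsslapd-security):\s*(\S+)", line, re.I) if in_config else None
        if m:
            old = m.group(2)
            eol = line[len(line.rstrip("\r\n")):]  # keep the original line ending
            line = f"{m.group(1)}: {value}{eol}"
        out.append(line)
    return "".join(out), old

def patch_file(path, value):
    """Copy `path` to `path + '.bak'` (hypothetical backup name), then rewrite it.
    Intended to run only while the directory server is stopped."""
    with open(path, encoding="utf-8") as fh:
        new_text, old = set_security(fh.read(), value)
    if old is not None and old != value:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_text)
    return old

if __name__ == "__main__":
    text, old = set_security(SAMPLE_DSE, "off")
    print(f"nsslapd-security was {old!r}, rewritten text:\n{text}")
```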