[Fedora-directory-users] problem starting slapd

Marco Bellacosa marco at sif.it
Thu Aug 24 08:06:56 UTC 2006 

Thanks Richard,

Richard Megginson wrote:
 > Marco Bellacosa wrote:
 >
 >> Dear all,
 >>
 >> I got problems while restarting my fedora-ds. In particular,
 >> when I try to start the server via start-slapd I receive the following
 >> message:
 >>
 >> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
 >> verify certificate failed for cert server-cert of family
 >> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
 >> - Peer's Certificate has expired.)
 >> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are 
valid\
 >>
 >> Then, if I try to menage certificates via console, I am not able to
 >> log in the console, I get the message:
 >>
 >> Cannot connect to the Admin Server .....
 >> The URL is not correct or the server is not running.
 >>
 >> Therefore, I cannot start the server because my certificate is no more
 >> valid and I cannot menage certificate because my console doesn't open
 >> (it seems to me). Can anyone help me?
 >
 > Looks like you will have to generate a new server (or CA?) cert.  Do you
 > have a CA?  See http://directory.fedora.redhat.com/wiki/Howto:SSL for
 > some examples of how to use the command line certutil tool.
 >

I followed the examples, but now

# start-slapd
Enter PIN for Internal (Software) Token: I insert the password and

[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't
find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config
(Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization:
Unable to retrieve private key for cert server-cert of family
cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid

Please, note that I have my new admin-serv-hostname-cert8.db,
slapd-hostname-cert8.db and so on and a valid CA certificate.


Thanks in advance,
marco

 >> Fedora-directory-users mailing list
 >> Fedora-directory-users at redhat.com
 >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
 >
 >
 > ------------------------------------------------------------------------
 >
 > --
 > Fedora-directory-users mailing list
 > Fedora-directory-users at redhat.com
 > https://www.redhat.com/mailman/listinfo/fedora-directory-users
 >

More information about the 389-users mailing list