[389-users] Recover after installing a bad cert.
Rich Megginson
rmeggins at redhat.com
Wed Jul 8 19:02:18 UTC 2009
Dumbo Q wrote:
> I just installed a new ssl certificate using pk12util. I restarted my
> dirsrv, and picked the new cert in the dropdown menu under the
> encryption tab. I restarted dirsrv to make it take affect. When I
> did this, I found that the root certificate was not in
> redhats/openssls ca-bundle. I tried importing the intermediate
> certificate, and I think I just made the problem worse.
>
> right now im getting the following.
> SSL alert: CERT_VerifyCertificateNow: verify certificate failed for
> cert rhds.example.com - Comodo CA Limited of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179
> - Peer's Certificate issuer is not recognized.)
> [08/Jul/2009:14:18:04 -0400] - SSL failure: None of the cipher are valid
>
>
> Now my directory is down completely. How can I get it to start up
> without SSL so that I can fix the problem?
The default list of approved root CAs are in a shared library called
libnssckbi.so - try this
cd /etc/dirsrv/slapd-yourinstance
ln -s /usr/lib/libnssckbi.so
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20090708/4cfdc028/attachment.bin>
More information about the 389-users
mailing list