[389-users] disable SSL at startup
Thomas Cameron
thomas.cameron at gmail.com
Sat Apr 24 23:25:21 UTC 2010
Howdy -
Posting this to the list just because Google searches didn't tell me.
Very possible I was asking the wrong question, but here's what I was
searching for.
How do you disable SSL at startup for Fedora Directory Server (389)?
In /etc/dirsrv/slapd-[hostname]/dse.ldif, change the line:
nsslapd-security: on
to:
nsslapd-security: off
Back story: I was messing about with SSL certificates and I did
something wrong. Not sure what yet, but since my cert was borked,
after I installed it, 389 wouldn't start. Since the LDAP server
wouldn't start, the admin server wouldn't allow me to log in. I was
kind of screwed.
Once I set the LDAP server to start without SSL, I was able to log in
and now I can (hopefully) figure out what I did wrong with the
certificate.
The error I was getting was:
/var/log/dirsrv/slapd-e510/errors:[24/Apr/2010:18:12:30 -0500] - SSL
alert: CERT_VerifyCertificateNow: verify certificate failed for cert
e510 server-cert of family cn=RSA,cn=encryption,cn=config (Netscape
Portable Runtime error -8179 - Peer's Certificate issuer is not
recognized.)
More information about the 389-users
mailing list