[389-users] Odd SSL Issues
Craig T
389 at noboost.org
Thu Oct 6 01:08:08 UTC 2011
Hi,
Thanks for the advice! Although I don't yet understand what was wrong with the console client, those tests proved that the database was in fact empty. I then installed the certs via certutil and the server started up first time :)
cya
Craig
On Tue, Oct 04, 2011 at 10:54:15AM -0600, Rich Megginson wrote:
> On 10/04/2011 01:17 AM, Craig T wrote:
> >Hi,
> >
> >Setup:
> >Fedora 15 x64
> >* 389-admin-1.1.23-1.fc15.x86_64
> >* 389-admin-console-1.1.8-1.fc15.noarch
> >* 389-admin-console-doc-1.1.8-1.fc15.noarch
> >* 389-adminutil-1.1.14-1.fc15.x86_64
> >* 389-console-1.1.7-1.fc15.noarch
> >* 389-ds-1.2.2-1.fc15.noarch
> >* 389-ds-base-1.2.9.10-2.fc15.x86_64
> >* 389-ds-base-libs-1.2.9.10-2.fc15.x86_64
> >* 389-ds-console-1.2.6-1.fc15.noarch
> >* 389-ds-console-doc-1.2.6-1.fc15.noarch
> >* 389-dsgw-1.1.7-2.fc15.x86_64
> >
> >Disclaimer:
> >I'm pretty new to 389 Directory Server so this might be a simple question.
> >
> >Goal:
> >I am attempting to install a CA& server certificate, which I have signed by my own openssl CA.
> >
> >My Steps:
> >After using the 389 Console to generate my certificate request, I was then able to sign it with my openssl CA and install the cert (plus CA cert) into the 389 Directory Server without issue. I then choose the;
> >- "Enable SSL for this server" option and selected the security device and server cert "server-crt2".
> >- I checked the CA cert and it showed that there was no broken links in the certification paths.
> >
> >Issue:
> >After restarting Directory Server, I was surprised to see the following error;
> >-----------------------------------------------------------------------------------------
> >[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Can't find certificate (server-cert2) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> >[04/Oct/2011:17:39:09 +1100] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert2 of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
> >[04/Oct/2011:17:39:09 +1100] - SSL failure: None of the cipher are valid
> >[04/Oct/2011:17:39:09 +1100] - ERROR: SSL Initialization phase 2 Failed.
> >-----------------------------------------------------------------------------------------
> >
> >
> >I feel like I must be missing something pretty obvious, any suggestions?
> ls -al /etc/dirsrv/slapd-yourinstance
> certutil -d /etc/dirsrv/slapd-yourinstance -L
>
> if it doesn't show a cert named "server-cert2" then it is possible
> that the console did not properly install the SSL cert
> >cya
> >
> >Craig
> >--
> >389 users mailing list
> >389-users at lists.fedoraproject.org
> >https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list