[389-users] SSL Error on Startup

Rich Megginson rmeggins at redhat.com
Tue Sep 20 14:05:33 UTC 2011 

On 09/20/2011 07:45 AM, Chris Ober wrote:
> Rich,
>
> I've read that, and I believe I've followed the steps shown there, but 
> it doesn't solve my problem.
let's start with perms/ownership
ls -al /etc/dirsrv/slapd-instance
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif

see what the server cert name is
grep -i personality /etc/dirsrv/slapd-instance/dse.ldif

next, look at certutil
certutil -d /etc/dirsrv/slapd-instance -L
certutil -d /etc/dirsrv/slapd-instance -L -n "name of CA cert"
certutil -d /etc/dirsrv/slapd-instance -L -n "name of server cert"

>
> ~Chris
>
> On 9/19/11 2:47 PM, Rich Megginson wrote:
>> On 09/19/2011 12:26 PM, Chris M. Ober wrote:
>>> Hello all,
>>>
>>> I've installed 389 to replace an ancient server that is on its last 
>>> legs. I got everything configured and working, until just now. I 
>>> generated and signed ssl keys to use ldaps, and it seemed to accept 
>>> everything. It told me to restart the service, which it wouldn't 
>>> allow me to do from the console. From the command line `service 
>>> dirsrv restart` gave me an error I can't figure out. The error is:
>>>
>>> <?ae=PreFormAction&a=Forward&t=IPM.Note&id=RgAAAAAddcPi7ODVRL%2bRKLFJpZ86BwCjUgqOSZifQqfpcvM7EMjGAAAAkkLWAACjUgqOSZifQqfpcvM7EMjGAAAO0Wg%2fAAAJ&pspid=_1316456764395_268663948#> 
>>>
>>> [root at ceto2 ~]# service dirsrv start
>>> Starting dirsrv:
>>>     ceto2...[19/Sep/2011:14:07:19 -0400] - SSL alert: Security 
>>> Initialization: Unable to authenticate (Netscape Portable Runtime 
>>> error -8192 - An I/O error occurred during security authorization.)
>>> [19/Sep/2011:14:07:19 -0400] - ERROR: SSL Initialization Failed.
>>>                                                            [FAILED]
>>>   *** Warning: 1 instance(s) failed to start
>>>
>>>
>>> I haven't been able to find anything on google to help me solve 
>>> this. Any idea what is going wrong?
>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#SecureConnections 
>>
>>>
>>>
>>> Thank you,
>>> Chris
>>>
>>>
>>> -- 
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110920/cab04788/attachment.html>

More information about the 389-users mailing list