[389-users] SSL Error on Startup

David Partridge dpartridge at tangible.net
Thu Sep 22 01:31:30 UTC 2011 

Is the SSL certificate self signed or is it issued by a valid Root?



*         May help to see the  content of the certificate to see what extensions and key usage of the certificate your attempting to use.



David M. Partridge



From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Tuesday, September 20, 2011 10:06 AM
To: Chris Ober; 389-users at lists.fedoraproject.org
Subject: Re: [389-users] SSL Error on Startup



On 09/20/2011 07:45 AM, Chris Ober wrote:

Rich,

I've read that, and I believe I've followed the steps shown there, but it doesn't solve my problem.

let's start with perms/ownership
ls -al /etc/dirsrv/slapd-instance
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif

see what the server cert name is
grep -i personality /etc/dirsrv/slapd-instance/dse.ldif

next, look at certutil
certutil -d /etc/dirsrv/slapd-instance -L
certutil -d /etc/dirsrv/slapd-instance -L -n "name of CA cert"
certutil -d /etc/dirsrv/slapd-instance -L -n "name of server cert"





~Chris

On 9/19/11 2:47 PM, Rich Megginson wrote:

On 09/19/2011 12:26 PM, Chris M. Ober wrote:



Hello all,

I've installed 389 to replace an ancient server that is on its last legs. I got everything configured and working, until just now. I generated and signed ssl keys to use ldaps, and it seemed to accept everything. It told me to restart the service, which it wouldn't allow me to do from the console. From the command line `service dirsrv restart` gave me an error I can't figure out. The error is:

<?ae=PreFormAction&a=Forward&t=IPM.Note&id=RgAAAAAddcPi7ODVRL%2bRKLFJpZ86BwCjUgqOSZifQqfpcvM7EMjGAAAAkkLWAACjUgqOSZifQqfpcvM7EMjGAAAO0Wg%2fAAAJ&pspid=_1316456764395_268663948#>
[root at ceto2 ~]# service dirsrv start
Starting dirsrv:
    ceto2...[19/Sep/2011:14:07:19 -0400] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[19/Sep/2011:14:07:19 -0400] - ERROR: SSL Initialization Failed.
                                                           [FAILED]
  *** Warning: 1 instance(s) failed to start


I haven't been able to find anything on google to help me solve this. Any idea what is going wrong?

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#SecureConnections





Thank you,
Chris


--
389 users mailing list
389-users at lists.fedoraproject.org<mailto:389-users at lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110921/d3c0b5df/attachment.html>

More information about the 389-users mailing list