[389-users] SSL Error on Startup
David Partridge
dpartridge at tangible.net
Thu Sep 22 01:31:30 UTC 2011
Is the SSL certificate self signed or is it issued by a valid Root?
* May help to see the content of the certificate to see what extensions and key usage of the certificate your attempting to use.
David M. Partridge
From: Rich Megginson [mailto:rmeggins at redhat.com]
Sent: Tuesday, September 20, 2011 10:06 AM
To: Chris Ober; 389-users at lists.fedoraproject.org
Subject: Re: [389-users] SSL Error on Startup
On 09/20/2011 07:45 AM, Chris Ober wrote:
Rich,
I've read that, and I believe I've followed the steps shown there, but it doesn't solve my problem.
let's start with perms/ownership
ls -al /etc/dirsrv/slapd-instance
grep nsslapd-localuser /etc/dirsrv/slapd-instance/dse.ldif
see what the server cert name is
grep -i personality /etc/dirsrv/slapd-instance/dse.ldif
next, look at certutil
certutil -d /etc/dirsrv/slapd-instance -L
certutil -d /etc/dirsrv/slapd-instance -L -n "name of CA cert"
certutil -d /etc/dirsrv/slapd-instance -L -n "name of server cert"
~Chris
On 9/19/11 2:47 PM, Rich Megginson wrote:
On 09/19/2011 12:26 PM, Chris M. Ober wrote:
Hello all,
I've installed 389 to replace an ancient server that is on its last legs. I got everything configured and working, until just now. I generated and signed ssl keys to use ldaps, and it seemed to accept everything. It told me to restart the service, which it wouldn't allow me to do from the console. From the command line `service dirsrv restart` gave me an error I can't figure out. The error is:
<?ae=PreFormAction&a=Forward&t=IPM.Note&id=RgAAAAAddcPi7ODVRL%2bRKLFJpZ86BwCjUgqOSZifQqfpcvM7EMjGAAAAkkLWAACjUgqOSZifQqfpcvM7EMjGAAAO0Wg%2fAAAJ&pspid=_1316456764395_268663948#>
[root at ceto2 ~]# service dirsrv start
Starting dirsrv:
ceto2...[19/Sep/2011:14:07:19 -0400] - SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
[19/Sep/2011:14:07:19 -0400] - ERROR: SSL Initialization Failed.
[FAILED]
*** Warning: 1 instance(s) failed to start
I haven't been able to find anything on google to help me solve this. Any idea what is going wrong?
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html-single/Administration_Guide/index.html#SecureConnections
Thank you,
Chris
--
389 users mailing list
389-users at lists.fedoraproject.org<mailto:389-users at lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/389-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110921/d3c0b5df/attachment.html>
More information about the 389-users
mailing list