[389-users] Question on certificate storage

Orion Poplawski orion at cora.nwra.com
Fri Sep 23 19:24:43 UTC 2011


I'm trying to set up MMR with another office site.  We're trying to connect 
over SSL, but my server gives the error:

[23/Sep/2011:12:00:56 -0600] slapi_ldap_bind - Error: could not send bind 
request for id [cn=Replication Manager,cn=config] mech [SIMPLE]: error 81 
(Can't contact LDAP server) -8179 (Peer's Certificate issuer is not 
recognized.) 11 (Resource temporarily unavailable)

I've added what I believe are the proper CA certs (it is a chain of 3) for the 
remote server to my directory server via the 389-console and manage 
certificates.  However, I noticed that when I use certutil on the server to 
list the certificates, I don't see them:

# certutil  -d /etc/dirsrv/slapd-cora/ -L

Certificate Nickname                                         Trust Attributes
                                                              SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
server-cert                                                  u,u,u

I would have thought they would be stored in the same place.  If not, where 
are the ones listed in the console stored?  Does it matter that they aren't 
showing up with certutil?

Anything else I can do to debug the SSL connection?

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com
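
Added example, not part of the original post: a shell check over `certutil -L` output that reports which nicknames carry the `C` flag (trusted CA for server certificates) in the SSL column, run here on the listing quoted above. NSS error -8179 is SEC_ERROR_UNKNOWN_ISSUER; the function names and the nickname `example-intermediate-ca` are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).

# Constructed sample: the `certutil -L` listing quoted in the post.
sample_listing() {
cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA certificate                                               CT,,
server-cert                                                  u,u,u
EOF
}

# Emit "nickname<TAB>ssl_flags" per certificate row on stdin. A row is a line
# whose last field is three comma-separated flag sets; nicknames may hold spaces.
parse_listing() {
  awk 'NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
    nick = $0
    sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
    sub(/^[ \t]+/, "", nick)
    split($NF, t, ",")
    printf "%s\t%s\n", nick, t[1]
  }'
}

# Nicknames whose SSL flags include C (trusted CA for server certificates).
ssl_trusted_cas() {
  parse_listing | awk -F '\t' '$2 ~ /C/ { print $1 }'
}

# Print each nickname given as an argument that is NOT an SSL-trusted CA in
# the listing on stdin. Nicknames are local labels, so pass the ones you used.
missing_cas() {
  trusted=$(ssl_trusted_cas)
  for n in "$@"; do
    printf '%s\n' "$trusted" | grep -Fxq -- "$n" || printf '%s\n' "$n"
  done
}

# Demo on the sample; on a live server pipe the real listing instead:
#   certutil -d /etc/dirsrv/slapd-cora/ -L | ssl_trusted_cas
sample_listing | ssl_trusted_cas
# "example-intermediate-ca" is a constructed placeholder nickname.
sample_listing | missing_cas "CA certificate" "example-intermediate-ca"
```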


