[389-users] SSL initialization Failed

Rich Megginson rmeggins at redhat.com
Wed Mar 7 15:59:34 UTC 2012


On 03/07/2012 06:34 AM, Luigi Santangelo wrote:
>
> Hi guru,
> I have a problem with enabling SSL in my Fedora Directory Server. I 
> already searched with Google and I have found other people that have 
> the same problem but, following the instructions, I cannot resolve my 
> problem (maybe my problem has a different source).
> I start by saying that in the past I have enabled SSL on FDS 1.2.5 
> successfully, but with FDS 1.2.12 rc2 I cannot.
>
I'm assuming you mean 1.2.10.rc2 - Don't use rc2 - use 1.2.10.3 which is 
in updates-testing
>
> On my Fedora 16, with kernel 3.2.7-1, I installed FDS 1.2.12rc2. Then, 
> I created a request for the Directory Server (using Manage 
> Certificates). During this operation, I inserted the FQDN in the Server 
> Name field and I completed the other fields (Organization, State, etc). 
> Then I exported the request and, using my own self-signed CA, I created 
> a cert for the server. I imported the server and CA certs successfully. In 
> the Certification Path tab of the server cert, I can see the correct chain 
> (server and CA certs). But when I enable SSL for my server (with the 
> Encryption tab) and I restart my server, it cannot start correctly and 
> gives me this error:
>
> SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
> ERROR: SSL Initialization Failed.
>
> But if I create a key and cert with openssl for my server (so not 
> creating the request and signing it, but creating the cert directly with 
> openssl), export the cert in p12 format and import it with the 
> certutil utility, it works fine: I can enable SSL and I can restart my 
> server without any problem.
>
> So I think that I went wrong inserting the information during request 
> generation. Can you help me?
>
You should also use 389-admin-1.1.27 from updates-testing - there was a 
similar bug fixed in 389-admin
>
> Another question (mere curiosity): why do Red Hat Directory Server and 
> Fedora Directory Server have different version numbers? Don't they 
> offer the same features? Thanks
>
389 (formerly Fedora Directory Server) is the upstream open source 
project which changes frequently and has new features as soon as they 
are developed.  Red Hat Directory Server is the downstream product which 
does not change as frequently, and only gets new features once they are 
tested, documented, and support ready.
>
