[389-users] Multiple 389 Servers for Clients Using SSSD
Chandan Kumar
chandank.kumar at gmail.com
Sat Jan 5 00:34:13 UTC 2013
Hello All,
I was wondering if anyone could help me with this setup. I have would like
to have 2 ldap servers specified on the clients using SSSD.
Without TLS/Encryption (PAD NSS) it works just fine, however, the moment I
turn on TLS/StratTLS only one server works whereas other does not and gives
the "Certification Not trusted" error.
Here what I did.
certutil -S -n "CA certificate" -s "cn=My Org CA cert,dc=my,dc=net" -2 -x
-t "CT,," -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile
# Generate Directory server clients certs
certutil -S -n "Server-Cert" -s "cn=ldap.my.net" -c "CA certificate" -t
"u,u,u" -m 1001 -v 120 -d . -k rsa -f /tmp/pwdfile
# Export it for ldap clients and other servers
certutil -d . -L -n "CA certificate" -a > cacert.asc
Then I imported the same cacert.asc file to another 389 server using
"certutil". And copied it at the client as well.
I would see the certificate got imported in the GUI console but due to some
reason everytime I query from the client to secondary server (where I
imported the key) it just does not work.
Would appreciate any help. Not sure what step I am using or what am I doing
wrong.
Thanks
Chandan
--
--
http://about.me/chandank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130104/0e265edf/attachment.html>
More information about the 389-users
mailing list