[389-users] SSL

Rich Megginson rmeggins at redhat.com
Thu Apr 17 19:13:02 UTC 2014


Replying to list.

On 04/17/2014 12:22 PM, Andy wrote:
>
> I am having an issue with securing Directory Server communication 
> using SSL which I need guidance on how to solve. I am setting up a 
> master and slave which will use SSL to secure communication between 
> the two servers and to all other clients.
>
> I used openssl to create a CA cert and sign the Manager server 
> certificate as follows:
>
> -CA cert created by openssl req -config openssl.cnf -new -x509 
> -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 
> 3650
>
> -Manager server csr signed - openssl ca -config openssl.cnf -policy 
> policy_anything -out certs/xxx.crt -infiles xxx.csr
>
> -Checked both certs using before installing on Manager
>
> -Both certs were installed using root.
>
> -Enabled encryption via the console and restarted dirsrv. Note comms 
> remain on port 389 after the reboot. E.g. xxx.com:389
>
> -certutil -L -d . output shows that both a CA cert and server cert are 
> installed as follows:
>
> server-cert u,u,u
>
> xxxx-ca.crt CT,,
>
> -I checked that the server is listening on port 636. Logs also 
> confirmed that the Manager is listening on port 636
>
> -I tested that the Manager can receive connections on port 636, by 
> connecting using telnet from another server -- telnet <server name> 
> 636. The connection was also visible on netstat output.
>
> -I can't see any errors in /var/log/dirsrv/slapd-<server>/errors
>
> Can you help so that I can set up secure communication correctly?
>
> Kind regards
>
> Andy
>
