Re: SSL problems/questions for Fedora DS 1.02

This is a cryptographically signed message in MIME format.

Dellwo, Martin J. [NCSUS] wrote:
> Hello,
>
> How can one start up Fedora directory (1.02) server instances when one 
> is using SSL?  Can it be configured to read the security database 
> password from a file?  I believe it may have given me the option 
> initially and I did not take advantage of it, so I am particularly 
> wondering how to set up automatic startup (with no password prompt) 
> after it is already set up to prompt.
Have you seen this?  http://directory.fedora.redhat.com/wiki/Howto:SSL
> Right now, I have slapd running with SSL turned on, but could not 
> restart the admin server after turning it on.  I was able to edit two 
> admin server configuration files to turn it back off for the admin 
> server, so now I can start it without SSL.  Any pointers to detailed 
> documentation for using SSL with admin server?
http://www.redhat.com/docs/manuals/dir-server/pdf/console71.pdf - chapter 7
> I also now have a new problem where I cannot open the 'Manage 
> Certificates' task for the directory server (slapd) instance itself.  
> In the admin server http logs I get this error
>
> [Thu Jun 22 11:56:06 2006] [notice] [client 10.24.224.137] 
> admserv_host_ip_check: ap_get_remote_host could not resolve 
> xxx.xxx.xxx.xxx
I think this error is benign, especially if you can connect to the admin 
server via a web browser.
> Even though xxx.xxx.xxx.xxx is the IP address of the local server 
> (both where slapd is running and where I am running the console from). 
> It is properly defined in both the local /etc/hosts and in DNS.  At 
> the same time, the console gives a pop-up error, 
> "org.mozilla.ssl.SSLSocketException:  SSL_ForceHandshake failed: 
> (-5938) Encountered end of file."
>
> Since I think this could be related to an out-of-date certificate CRL, 
> how can one import new CRLs using command line tools?
There is an NSS command line tool called crlutil which is unfortunately 
not included with fedora ds.   You can find it here - 
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_RTM/ 
- just make sure you set your LD_LIBRARY_PATH to 
/opt/fedora-ds/shared/lib before you run crlutil.
> Thanks,
>   Marty
>
> *--*
> *Martin J. Dellwo*
> /NCS Pharma R&D (Exton)/
> /NCS, a Johnson & Johnson Company/
> /mdellwo@xxxxxxxxxxxxx/
>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

smime.p7s
Description: S/MIME Cryptographic Signature