Did you install ca.cert on system and setup /etc/openldap/ldap.conf ? Greg. 28 wrz 2012 05:11, "Kyle Flavin" <[email protected]> napisaĆ(a):
> Hi, I've been struggling to setup 389 Directory server with Start TLS. > > I have a multi-master replication working with four server. From an > external client running openldap's ldapsearch, I'm trying to do the > following: > > ldapsearch -ZZ -x -h "myserver" -b "dc=example,dc=com" -D "cn=Directory > Manager" -W "" > > I get an unsupported protocol error on servers that do not have > certificates installed. > > In an attempt to resolve this, I tried to install a self-signed cert. I > created a ca.cert and a server.crt, and imported them into the Directory > Server. I then imported the ca.cert to the admin server. When I attempted > to import the same server.crt to the admin server, I got an error message > stating the certificate was for another host. Since the admin server and > directory server reside on the same host, if I generate a new request, it > will have an identical host name (I'm not sure if that's relevant to my > issue). After all of that, I now receive a "Connect Error > SSL3_GET_SERVER_CERTIFICATE:certificate verify failed". I'm guessing I > need to import the root cert onto the client somehow, but I'm not sure how > to go about doing that. > > This has become pretty time consuming, so I was hoping that someone more > knowledgeable could confirm that I'm at least travelling down the right > path. I've been following this Red Hat document: > > > https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Managing_SSL.html#Starting_the_Server_with_SSL_Enabled-Enabling_SSL_in_the_DS_Admin_Server_and_Console > > Thanks, > Kyle > > > -- > 389 users mailing list > [email protected] > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
