Replying to list.

On 04/17/2014 12:22 PM, Andy wrote:

I am having an issue with securing Directory Server communication using SSL which I need guidance on how to solve. I am setting up a master and slave which will use SSL to secure communication between the two servers and to all other clients.

 

I used openssl to create a CA cert and sign the Manager server certificate as follows:

- CA cert created by: openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650

- Manager server csr signed: openssl ca -config openssl.cnf -policy policy_anything -out certs/xxx.crt -infiles xxx.csr

- Checked both certs using before installing on Manager

- Both certs were installed using root.

- Enabled encryption via the console and restarted dirsrv. Note comms remain on port 389 after the reboot, e.g. xxx.com:389

- certutil -L -d . output shows that both a CA cert and server cert are installed as follows:

    server-cert                                                  u,u,u
    xxxx-ca.crt                                                  CT,,

- I checked that the server is listening on port 636. Logs also confirmed that the Manager is listening on port 636

- I tested that the Manager can receive connections on port 636, by connecting using telnet from another server: telnet <server name> 636. The connection was also visible in netstat output.

- I can't see any errors in /var/log/dirsrv/slapd-<server>/errors

Can you help so that I can set up secure communication correctly?

Kind regards

Andy


--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
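
A check on the certutil -L listing quoted in the message above, as an added example that is not part of the original post or of the 389 project: it parses the trust-attribute column and reports whether the server certificate has its private key in the database (u) and whether the CA is trusted to issue server certificates (C) and, optionally, client certificates (T). The function names, the client_auth parameter and the sample listing are assumptions made for this illustration.

```python
import re

# Constructed sample: the certutil header plus the two rows quoted in the post.
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

server-cert                                                  u,u,u
xxxx-ca.crt                                                  CT,,
"""

# A data row is "<nickname> <ssl>,<smime>,<objsign>"; nicknames may contain spaces.
ROW = re.compile(
    r"^(?P<nick>.+?)\s+(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<objsign>[A-Za-z]*)\s*$"
)


def parse_listing(text):
    """Return {nickname: (ssl, smime, objsign)} from `certutil -L` output."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and blank lines do not match and are skipped
            certs[m["nick"].strip()] = (m["ssl"], m["smime"], m["objsign"])
    return certs


def check_tls_trust(certs, server_nick, ca_nick, client_auth=False):
    """Return a list of problems with the SSL trust flags (empty list = OK)."""
    problems = []
    server = certs.get(server_nick)
    if server is None:
        problems.append(f"{server_nick}: not found in the database")
    elif "u" not in server[0]:
        problems.append(f"{server_nick}: no private key in this database (missing u)")
    ca = certs.get(ca_nick)
    if ca is None:
        problems.append(f"{ca_nick}: not found in the database")
    else:
        if "C" not in ca[0]:
            problems.append(f"{ca_nick}: not trusted to issue server certs (missing C)")
        if client_auth and "T" not in ca[0]:
            problems.append(f"{ca_nick}: not trusted to issue client certs (missing T)")
    return problems


if __name__ == "__main__":
    found = parse_listing(SAMPLE_LISTING)
    print(check_tls_trust(found, "server-cert", "xxxx-ca.crt", client_auth=True) or "trust flags OK")
```
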
