Hello Noriko,

Same problem unfortunately :(

Thanks, Phil

----- On 4 Jan, 2016, at 20:54, Noriko Hosoi <[email protected]> wrote:

> Hello Phil,
>
> We are working on the issue, but not sure what the root cause is yet.
> If you could try the new installer I have just uploaded, it would be a
> big help for us. (Please note that the version remains the same 1.1.15.)
> http://www.port389.org/docs/389ds/download.html#windows-console
>
> Thank you,
> --noriko
>
> On 01/04/2016 09:22 AM, Phil Daws wrote:
>> ----- On 4 Jan, 2016, at 16:45, Rich Megginson [email protected] wrote:
>>> On 01/04/2016 09:23 AM, Phil Daws wrote:
>>>> Hello Rich,
>>>>
>>>> Have run in debug mode and connected to the admin interface which has been
>>>> secured with a cert:
>>>>
>>>> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin},
>>>> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017,
>>>> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA,
>>>> BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3,
>>>> ISSUER_DN=C=GB, O=LAB, CN=LAB-CA}
>>>> JButtonFactory: button width = 54
>>>> JButtonFactory: button height = 20
>>>> JButtonFactory: button width = 54
>>>> JButtonFactory: button height = 20
>>>> JButtonFactory: button width = 72
>>>> JButtonFactory: button height = 20
>>>> JButtonFactory: button width = 72
>>>> JButtonFactory: button height = 20
>>>> JButtonFactory: button width = 54
>>>> JButtonFactory: button height = 20
>>>> JButtonFactory: button width = 72
>>>> HttpsChannel::select(...) - SELECT CERTIFICATE
>>>> Unable to create ssl socket
>>>> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm.
>>>>   at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
>>>>   at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
>>>>   at com.netscape.management.client.comm.CommManager.send(Unknown Source)
>>>>   at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
>>>>   at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
>>>>   at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
>>>>   at com.netscape.management.client.console.Console.<init>(Unknown Source)
>>>>   at com.netscape.management.client.console.Console.main(Unknown Source)
>>>>
>>>> So it accepts the admin certificate fine but then shows an empty selection
>>>> box for a certificate?
>>>
>>> Not sure what it means by "invalid algorithm" but it looks as though
>>> that is the root cause. The console doesn't know what to do with that
>>> error, so it asks you to select another cert, which is just a
>>> distraction at that point. Please open a ticket.
>>
>> Hmm, but that "invalid algorithm" message only appeared when I clicked on
>> continue with no certificate showing in the selection dropdown list. The
>> admin certificate was accepted fine and then it showed the empty selection list.
>>
>>>> Thanks, Phil
>>>>
>>>> ----- On 4 Jan, 2016, at 15:50, Rich Megginson [email protected] wrote:
>>>>> On 01/04/2016 01:11 AM, Phil Daws wrote:
>>>>>> Any thoughts on this please?
>>>>>>
>>>>>> ----- On 20 Dec, 2015, at 16:02, Phil Daws [email protected] wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> Have now got to the point where it says "Select a certificate to
>>>>>>> authenticate" yet the drop down box is empty.
>>>>>
>>>>> Can you run the console with -D 9 -f console.log, then check console.log
>>>>> to remove any sensitive information, then post that to this list? The
>>>>> easiest way to do this is to make a copy of the .bat file that runs the
>>>>> console, then add those arguments to the command line in the copy of the
>>>>> .bat file.
>>>>>
>>>>> I'm assuming you have not configured the admin server/directory server
>>>>> to require client cert authentication. If you don't know, then you
>>>>> probably haven't.
>>>>>
>>>>>>> If I check the NSS database it looks okay?
>>>>>>>
>>>>>>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L
>>>>>>>
>>>>>>> Certificate Nickname                         Trust Attributes
>>>>>>>                                              SSL,S/MIME,JAR/XPI
>>>>>>>
>>>>>>> LAB CA Certificate                           CT,,
>>>>>>> Phil Daws                                    p,p,p
>>>>>>>
>>>>>>> Seems as though the console is not picking them up :(
>>>>>>>
>>>>>>> Thanks, Phil
>>>>>>>
>>>>>>> ----- On 15 Dec, 2015, at 20:35, Noriko Hosoi [email protected] wrote:
>>>>>>>> On 12/15/2015 11:40 AM, Phil Daws wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Unfortunately I do not have a console under Fedora/RHEL.
>>>>>>>>>
>>>>>>>>> I can log into the Administration console fine, but when I click on
>>>>>>>>> Server Group, and then double click on the Directory Server it prompts me
>>>>>>>>> for the Distinguished name and password. The status is showing as:
>>>>>>>>>
>>>>>>>>> Server status: Stopped
>>>>>>>>> Port: 636
>>>>>>>>>
>>>>>>>>> The ports are listening fine:
>>>>>>>>>
>>>>>>>>> Active Internet connections (only servers)
>>>>>>>>> Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
>>>>>>>>> tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN  301/sshd
>>>>>>>>> tcp        0      0 0.0.0.0:9830    0.0.0.0:*        LISTEN  1261/httpd
>>>>>>>>> tcp6       0      0 :::22           :::*             LISTEN  301/sshd
>>>>>>>>> tcp6       0      0 :::636          :::*             LISTEN  1196/ns-slapd
>>>>>>>>> tcp6       0      0 :::389          :::*             LISTEN  1196/ns-slapd
>>>>>>>>>
>>>>>>>>> So am guessing it's probably due to when I enabled "Secure
>>>>>>>>> Connection" in the console :(
>>>>>>>>>
>>>>>>>>> Any thoughts please?
>>>>>>>>
>>>>>>>> Not sure yet, but did you have a chance to see this section?
>>>>>>>> http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information
>>>>>>>>
>>>>>>>>> Thanks, Phil
>>>>>>>>>
>>>>>>>>> ----- On 15 Dec, 2015, at 19:01, Noriko Hosoi [email protected] wrote:
>>>>>>>>>> On 12/15/2015 09:51 AM, Phil Daws wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I have 389 up and running in my lab, with encryption enabled, but
>>>>>>>>>>> when I connect to the Administration panel and double click on the
>>>>>>>>>>> Directory Server it just hangs. The CA certificate has been imported using:
>>>>>>>>>>>
>>>>>>>>>>> d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i d:\Downloads\CA-chain.pem -a
>>>>>>>>>>>
>>>>>>>>>>> Am I missing something obvious please?
>>>>>>>>>>>
>>>>>>>>>>> Thanks, Phil
>>>>>>>>>>> --
>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/[email protected]
>>>>>>>>>>
>>>>>>>>>> Administration URL starts with https?
>>>>>>>>>> If you use Console on Fedora/RHEL, you have no problem?
>>>>>>>>>> Thanks.
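Added example (not part of the thread and not 389 project code): a small Python parser for the `certutil -L` listing quoted above. It reports which entries NSS trusts as a CA for server (`C`) or client (`T`) certificates and which carry the `u` flag that certutil shows when the matching private key is in the same database; a certificate can only be presented for client authentication when that key is available. The second listing and the nickname `Phil Daws client` are constructed for illustration.

```python
import re

# Listing as quoted in the thread (output of `certutil -d <dir> -L`).
SAMPLE_LISTING = """\
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

LAB CA Certificate                           CT,,
Phil Daws                                    p,p,p
"""

# Constructed for comparison: the same database with one extra entry
# whose private key is present (hypothetical nickname).
CONSTRUCTED_LISTING = SAMPLE_LISTING + (
    "Phil Daws client                             u,u,u\n"
)

# A data row is a nickname (spaces allowed) followed by three
# comma-separated flag groups: SSL, S/MIME, object signing.
ROW = re.compile(
    r"^(?P<nick>\S.*?)\s+"
    r"(?P<ssl>[A-Za-z]*),(?P<smime>[A-Za-z]*),(?P<obj>[A-Za-z]*)\s*$"
)


def parse_listing(text):
    """Return [(nickname, ssl_flags, smime_flags, objsign_flags), ...]."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.rstrip())
        if m:  # header and blank lines do not match
            rows.append((m["nick"], m["ssl"], m["smime"], m["obj"]))
    return rows


def summarize(text):
    """Group nicknames by the SSL trust flags that matter for TLS."""
    out = {"server_ca": [], "client_ca": [], "has_private_key": []}
    for nick, ssl, _smime, _obj in parse_listing(text):
        if "C" in ssl:   # trusted CA for issuing server certificates
            out["server_ca"].append(nick)
        if "T" in ssl:   # trusted CA for issuing client certificates
            out["client_ca"].append(nick)
        if "u" in ssl:   # private key for this certificate is in the DB
            out["has_private_key"].append(nick)
    return out


if __name__ == "__main__":
    for name, listing in (("thread", SAMPLE_LISTING),
                          ("constructed", CONSTRUCTED_LISTING)):
        print(name, summarize(listing))
```

For the listing from the thread, `has_private_key` comes back empty, so whether the key pair was imported along with the certificate is one thing to check in the database.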
