Any further thoughts please, or should I just start all over again? Thanks,
Phil
----- On 5 Jan, 2016, at 09:06, Phil Daws <[email protected]> wrote:
> Hello Noriko,
> Same problem unfortunately :(
> Thanks, Phil
> ----- On 4 Jan, 2016, at 20:54, Noriko Hosoi <[email protected]> wrote:
>> Hello Phil,
>> We are working on the issue, but not sure what the root cause is yet.
>> If you could try the new installer I have just uploaded, it would be a
>> big help for us. (Please note that the version remains the same 1.1.15.)
>> http://www.port389.org/docs/389ds/download.html#windows-console
>> Thank you,
>> --noriko
>> On 01/04/2016 09:22 AM, Phil Daws wrote:
>>> ----- On 4 Jan, 2016, at 16:45, Rich Megginson [email protected] wrote:
>>>> On 01/04/2016 09:23 AM, Phil Daws wrote:
>>>>> Hello Rich,
>>>>> Have run in debug mode and connected to the admin interface which has been
>>>>> secured with a cert:
>>>>> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin},
>>>>> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017,
>>>>> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun
>>>>> Dec 20
>>>>> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB,
>>>>> CN=LAB-CA}
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72
>>>>> HttpsChannel::select(...) - SELECT CERTIFICATE
>>>>> Unable to create ssl socket
>>>>> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186)
>>>>> security library: invalid algorithm.
>>>>> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
>>>>> at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
>>>>> at com.netscape.management.client.comm.CommManager.send(Unknown Source)
>>>>> at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
>>>>> at com.netscape.management.client.console.Console.invoke_task(Unknown
>>>>> Source)
>>>>> at
>>>>> com.netscape.management.client.console.Console.authenticate_user(Unknown
>>>>> Source)
>>>>> at com.netscape.management.client.console.Console.<init>(Unknown Source)
>>>>> at com.netscape.management.client.console.Console.main(Unknown
>>>>> Source)
>>>>> So it accepts the admin certificate fine but then shows an empty
>>>>> selection box
>>>>> for a certificate ?
>>>> Not sure what it means by "invalid algorithm" but it looks as though
>>>> that is the root cause. The console doesn't know what to do with that
>>>> error, so it asks you to select another cert, which is just a
>>>> distraction at that point. Please open a ticket.
>>> Hmm, but that "invalid algorithm" message only appeared when I clicked on
>>> continue with no certificate showing in the selection dropdown list. The
>>> admin
>>> certificate was accepted fine and then it showed the empty selection list.
>>>>> Thanks, Phil
>>>>> ----- On 4 Jan, 2016, at 15:50, Rich Megginson [email protected] wrote:
>>>>>> On 01/04/2016 01:11 AM, Phil Daws wrote:
>>>>>>> Any thoughts on this please ?
>>>>>>> ----- On 20 Dec, 2015, at 16:02, Phil Daws [email protected] wrote:
>>>>>>>> Hello,
>>>>>>>> Have now got to the point where it says "Select a certificate to
>>>>>>>> authenticate"
>>>>>>>> yet the drop down box is empty.
>>>>>> Can you run the console with -D 9 -f console.log, then check console.log
>>>>>> to remove any sensitive information, then post that to this list? The
>>>>>> easiest way to do this is to make a copy of the .bat file that runs the
>>>>>> console, then add those arguments to the command line in the copy of the
>>>>>> .bat file.
>>>>>> I'm assuming you have not configured the admin server/directory server
>>>>>> to require client cert authentication. If you don't know, then you
>>>>>> probably haven't.
>>>>>>>> If I check the NSS database it looks okay ?
>>>>>>>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and
>>>>>>>> Settings\pmdaws\.389-console" -L
>>>>>>>> Certificate Nickname Trust Attributes
>>>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>>> LAB CA Certificate CT,,
>>>>>>>> Phil Daws p,p,p
>>>>>>>> Seems as though the console is not picking them up :(
>>>>>>>> Thanks, Phil
>>>>>>>> ----- On 15 Dec, 2015, at 20:35, Noriko Hosoi [email protected] wrote:
>>>>>>>>> On 12/15/2015 11:40 AM, Phil Daws wrote:
>>>>>>>>>> Hello,
>>>>>>>>>> Unfortunately I do not have a console under Fedora/RHEL.
>>>>>>>>>> I can log into the Administration console fine, but when I click on
>>>>>>>>>> Server
>>>>>>>>>> Group, and then double click on the Directory Server it prompts me
>>>>>>>>>> for the
>>>>>>>>>> Distinguished name and password. The status is showing as:
>>>>>>>>>> Server status: Stopped
>>>>>>>>>> Port: 636
>>>>>>>>>> The ports are listening fine:
>>>>>>>>>> Active Internet connections (only servers)
>>>>>>>>>> Proto Recv-Q Send-Q Local Address Foreign Address State
>>>>>>>>>> PID/Program name
>>>>>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>>>>>>>>>> 301/sshd
>>>>>>>>>> tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN
>>>>>>>>>> 1261/httpd
>>>>>>>>>> tcp6 0 0 :::22 :::* LISTEN
>>>>>>>>>> 301/sshd
>>>>>>>>>> tcp6 0 0 :::636 :::* LISTEN
>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>> tcp6 0 0 :::389 :::* LISTEN
>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>> So am guessing it's probably due to when I enabled "Secure
>>>>>>>>>> Connection" in the
>>>>>>>>>> console :(
>>>>>>>>>> Any thoughts please ?
>>>>>>>>> Not sure yet, but did you have a chance to see this section?
>>>>>>>>> http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information
>>>>>>>>>> Thanks, Phil
>>>>>>>>>> ----- On 15 Dec, 2015, at 19:01, Noriko Hosoi [email protected]
>>>>>>>>>> wrote:
>>>>>>>>>>> On 12/15/2015 09:51 AM, Phil Daws wrote:
>>>>>>>>>>>> Hello,
>>>>>>>>>>>> I have 389 up and running in my lab, with encryption enabled, but
>>>>>>>>>>>> when I connect
>>>>>>>>>>>> to the Administration panel and double click on the Directory
>>>>>>>>>>>> Server it just
>>>>>>>>>>>> hangs. The CA certificate has been imported using:
>>>>>>>>>>>> d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and
>>>>>>>>>>>> Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i
>>>>>>>>>>>> d:\Downloads\CA-chain.pem -a
>>>>>>>>>>>> Am I missing something obvious please ?
>>>>>>>>>>>> Thanks, Phil
>>>>>>>>>>>> --
>>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/[email protected]
>>>>>>>>>>> Administration URL starts with https?
>>>>>>>>>>> If you use Console on Fedora/RHEL, you have no problem?
>>>>>>>>>>> Thanks.
--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/[email protected]
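
An added example, not part of the original thread or of the 389 project's code: a parser for the `certutil -L` listing quoted above that reports which nicknames carry the `u` trust flag, which certutil displays when the certificate's private key is present in the database and the certificate can therefore be used for authentication. The function names are hypothetical, and the second listing is constructed for comparison.

```python
import re

# One row of `certutil -L`: nickname, then the SSL,S/MIME,JAR/XPI trust flags.
ROW = re.compile(
    r"^(?P<nick>.+?)\s+(?P<ssl>[pPcCTuw]*),(?P<smime>[pPcCTuw]*),(?P<jar>[pPcCTuw]*)$"
)

def parse_listing(text):
    """Return [(nickname, ssl, smime, jar)]; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m["nick"], m["ssl"], m["smime"], m["jar"]))
    return rows

def client_auth_candidates(rows):
    """Nicknames with 'u' in the SSL column (private key present in the key db)."""
    return [nick for nick, ssl, _, _ in rows if "u" in ssl]

def trusted_cas(rows):
    """Nicknames trusted as a CA for SSL ('C' server certs, 'T' client certs)."""
    return [nick for nick, ssl, _, _ in rows if "C" in ssl or "T" in ssl]

# Listing as quoted in the thread.
THREAD_LISTING = """\
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
LAB CA Certificate CT,,
Phil Daws p,p,p
"""

# Constructed listing: the same database after the user certificate was
# imported together with its private key (for example from a PKCS#12 file).
WITH_KEY_LISTING = """\
Certificate Nickname                 Trust Attributes
                                     SSL,S/MIME,JAR/XPI

LAB CA Certificate                   CT,,
Phil Daws                            u,u,u
"""

if __name__ == "__main__":
    for label, listing in (("thread", THREAD_LISTING), ("constructed", WITH_KEY_LISTING)):
        rows = parse_listing(listing)
        print(label, "CAs:", trusted_cas(rows),
              "client-auth candidates:", client_auth_candidates(rows))
```
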