Packages are same on both node1 and node2: [root@ads01 admin-serv]# rpm -qa | grep nss nss-softokn-freebl-3.16.2.3-13.el7_1.x86_64 nss-util-3.19.1-4.el7_1.x86_64 nss-3.19.1-19.el7_2.x86_64 openssl-libs-1.0.1e-51.el7_2.2.x86_64 openssh-server-6.6.1p1-23.el7_2.x86_64 openssl-1.0.1e-51.el7_2.2.x86_64 nss-softokn-3.16.2.3-13.el7_1.x86_64 mod_nss-1.0.11-6.el7.x86_64 nss-sysinit-3.19.1-19.el7_2.x86_64 nss-tools-3.19.1-19.el7_2.x86_64 openssh-6.6.1p1-23.el7_2.x86_64 openssh-clients-6.6.1p1-23.el7_2.x86_64
Thanks, Phil ----- On 17 Jan, 2016, at 13:43, Paul Whitney [email protected] wrote: > Phil, > > It looks like you are missing a package. Do you have the NSS package > installed? > > Cheers, > > Paul M. Whitney > [email protected] > > Sent from my Mac Book Pro > >> On Jan 15, 2016, at 1:03 PM, Phil Daws <[email protected]> wrote: >> >> Hello all: >> >> Have tried to get my lab set up with 389 and secure connections multiple >> times >> now with disasterous results; and yes have tried to follow >> http://www.port389.org/docs/389ds/howto/howto-ssl.html >> >> Here is a very brief walkthrough of what I did: >> >> * from my PKI created four certificates - node1 admin and node2 directory + >> node2 admin and node2 directory certificates >> * on both node1 and node2 installed the following packages: >> >> [root@ads01 ~]# rpm -qa | grep 389 >> 389-adminutil-1.1.22-1.el7.x86_64 >> 389-ds-base-1.3.4.0-21.el7_2.x86_64 >> 389-admin-console-1.1.10-1.el7.noarch >> 389-console-1.1.9-1.el7.noarch >> 389-ds-base-libs-1.3.4.0-21.el7_2.x86_64 >> 389-admin-1.1.42-1.el7.x86_64 >> 389-ds-console-1.2.12-1.el7.noarch >> >> * on node1 ran setup-ds-admin.pl and configured the initial directory server >> * on node1 configured the admin to use TLS + the directory server so that it >> bound to 636 >> * on node2 ran setup-ds-admin.pl and joined the directory server on node1 >> * on node2 configured the admin to use TLS >> * on node2 launch 389-console using https and then try to connect too the >> directory server on node2 and it just hangs and fails with an SSL error over >> and over: >> >> [Fri Jan 15 17:22:14.391824 2016] [:crit] [pid 705:tid 140640199088192] >> sslinit: >> NSS is required to use LDAPS, but security initialization failed [-8015:The >> certificate/key database is in an old, unsupported format or failed to >> open.]. >> >> How does one perform an install, with two nodes, that each has an >> administration >> instance plus a directory server running TLS on 636 ?? Have not even been >> able >> to attempt multi-master replication yet :( >> >> All help appreciated. Thanks, Phil >> >> >> -- >> 389 users mailing list >> 389-users@%(host_name)s > > http://lists.fedoraproject.org/admin/lists/[email protected] -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/[email protected]
