the error mentioned at the beginning was: [26/Jan/2017:01:02:39 -0500] conn=97 op=-1 fd=64 closed - Unspecified failure while processing SSL Client Key Exchange handshake. And with "TLS_REQCERT demand", there is likely a failed SSL server certificate verification, which may be related to either a cert chain not fully trusted, or an incorrect cert usage, or incorrect validity dates, or a non matching subject DN, or an issuer in the chain with a signature's algorithm now considered weak. if you have the luxury to try gain, collect a tcpdump trace to see the details of the SSL handshake, and/or eventually try only as a test with "TLS_REQCERT = allow" or "TLS_REQCERT = never" Thanks, M.
On Fri, Jan 27, 2017 at 9:34 AM, John McKee <johnnybo...@fedoraproject.org> wrote: > @Mark Reynolds > > I had no choice but to revert to my snapshot to get production back up and > running, but I will experiment and will post the outcome. Thank you for > your help thus far. > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org