--- Alex aka Magobin <[EMAIL PROTECTED]> wrote: > As suggested, I checked if ssl worked....to test it I did a fresh > install and I corrected the problem about node, now each node use its > real address and name (I moved in future cluster configuration)...
Do a fresh install. Shut the server down and tarball the /opt/fedora-ds directory, stash somewhere safe. It helped me a lot because whenever I would screw something up, I would just rm -fr /opt/fedora-ds; tar xvf fedora.bkup.tar and I'd have a fresh good install ready to test again. That way you don't have to go thru the whole rpm -e, rpm -Uvh, setup business. Then run this (make sure you have noise.txt and pwdfile.txt): run it from /opt/fedora-ds/alias : #!/bin/sh ../shared/bin/certutil -N -d . -f pwdfile.txt ../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -z noise.txt -f pwdfile.txt echo moving key.. mv key3.db slapd-node1-key3.db mv cert8.db slapd-node1-cert8.db ln -s slapd-node1-key3.db key3.db ln -s slapd-node1-cert8.db cert8.db echo pk.. ../shared/bin/pk12util -d . -P slapd-node1- -o servercert.pfx -n Server-Cert (replace node1 with your hostname) Then when you enable SSL, the certificate should appear in the window. Choose your server cert and then it'll all work. I had to script the above because like you, it took me about 5 tries to get it going correctly. btw, I had to use different noise/password files for each server's cert. Not sure why, perhaps something else I was doing wrong... __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
