Can anyone else point me to any how-to on this? This process seems to
be destructive. If anything goes wrong fds will not start, making it
very hard to roll back the changes to the database. I end up just
removing the entire installation and starting over.

My fallback plan is to use stunnel or some other proxy.

On Fri, Jun 20, 2008 at 3:40 PM, Edward Capriolo <[EMAIL PROTECTED]> wrote:
> I was attempting to follow http://directory.fedoraproject.org/wiki/Howto:SSL
> I first ran the script
> http://directory.fedoraproject.org/download/setupssl2.sh. After
> completing, fds would not start. I rein
> I eventually ended up reading the script and running every operation
> step by step. That was quite an ordeal. All the steps ran, however, with no
> errors.
>
> [EMAIL PROTECTED] slapd-ldapslave1]# /etc/init.d/dirsrv start
> Starting dirsrv:
>    ldapslave1...Warning: Incorrect PIN may result in disabling the token
> Enter PIN for Internal (Software) Token:
>
> I replaced the data inside pin.txt with :
>
> Internal (Software) Token:dirserv_cert_password
>
> But I am still getting the same message. Is this just a bogus message?
> Could the problem be elsewhere?
>
>
> Thanks in advance.
> (ps -ef ; w) | sha1sum > /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>  (w ; ps -ef ; date ) | sha1sum | awk '{print $1}' >
> /etc/dirsrv/slapd-ldapslave1/noise.txt
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/noise.txt
>  certutil -N -P new- -d /etc/dirsrv/slapd-ldapslave1 -f
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/key3.db
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/cert8.db
> chmod 600 /etc/dirsrv/slapd-ldapslave1/key3.db
> chmod 600 /etc/dirsrv/slapd-ldapslave1/cert8.db
> certutil -G -P new- -d /etc/dirsrv/slapd-ldapslave1 -z
> /etc/dirsrv/slapd-ldapslave1/noise.txt -f
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
> certutil -S -P new- /etc/dirsrv/slapd-ldapslave1/ -n "CA certificate"
> -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d
> /etc/dirsrv/slapd-ldapslave1 -z /etc/dirsrv/slapd-ldapslave1/noise.txt
> -f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
> certutil -L -P new- -d /etc/dirsrv/slapd-ldapslave1 -n "CA
> certificate" -a > /etc/dirsrv/slapd-ldapslave1/cacert.asc
> pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o
> /etc/dirsrv/slapd-ldapslave1/cacert.p12 -n "CA certificate" -w
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
> certutil -S -P new- -n "Server-Cert" -s
> "cn=ldapslave1.ops.ec.com,ou=Fedora Directory Server" -c "CA
> certificate" -t "u,u,u" -m 1001 -v 120 -d
> /etc/dirsrv/slapd-ldapslave1/ -z
> /etc/dirsrv/slapd-ldapslave1/noise.txt  -f
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>
> certutil -S -P new- -n "server-cert" -s
> "cn=ldapslave1.ops.ec.com,ou=Fedora Administration Server" -c "CA
> certificate" -t "u,u,u" -m 1002 -v 120 -d
> /etc/dirsrv/slapd-ldapslave1/ -z
> /etc/dirsrv/slapd-ldapslave1/noise.txt -f
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>
> pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o
> /etc/dirsrv/slapd-ldapslave1/adminserver.p12 -n server-cert -w
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/adminserver.p12
> chmod 400 /etc/dirsrv/slapd-ldapslave1/adminserver.p12
>
> cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt >
> /etc/dirsrv/slapd-ldapslave1/pin.txt
>
> chmod 400 /etc/dirsrv/slapd-ldapslave1/pin.txt
>
> mv /etc/dirsrv/slapd-ldapslave1/cert8.db
> /etc/dirsrv/slapd-ldapslave1/orig-cert8.db
> mv /etc/dirsrv/slapd-ldapslave1/key3.db
> /etc/dirsrv/slapd-ldapslave1/orig-key3.db
>
>
> certutil -N -d /etc/dirsrv/slapd-ldapslave1 -P admin-serv- -f
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db
> [EMAIL PROTECTED] tmp]# chmod 600 /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db
>
> pk12util -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n
> server-cert -i /etc/dirsrv/slapd-ldapslave1/adminserver.p12 -w
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
> /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
>
> certutil -A -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n "CA
> certificate" -t "CT,," -a -i /etc/dirsrv/slapd-ldapslave1/cacert.asc
>
> cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt >
> /etc/dirsrv/slapd-ldapslave1/password.conf
>
> chmod 400 /etc/dirsrv/slapd-ldapslave1/password.conf
> chown fds:fds /etc/dirsrv/slapd-ldapslave1/password.conf
>
> sed -e "[EMAIL PROTECTED] [EMAIL PROTECTED]
> file:/etc/dirsrv/slapd-ldapslave1/password/conf
>
> mv /etc/dirsrv/slapd-ldapslave1/new-key3.db
> /etc/dirsrv/slapd-ldapslave1/key3.db
> mv /etc/dirsrv/slapd-ldapslave1/new-cert8.db
> /etc/dirsrv/slapd-ldapslave1/cert8.db
>
>
> ldapmodify -x -h localhost -p 389 -D "cn=directory manager" -W <<EOF
> dn: cn=encryption,cn=config
> changetype: modify
> replace: nsSSL3
> nsSSL3: on
> -
> replace: nsSSLClientAuth
> nsSSLClientAuth: allowed
> -
> add: nsSSL3Ciphers
> nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
>  +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
>  +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
>  +tls_rsa_export1024_with_des_cbc_sha
>
> dn: cn=config
> changetype: modify
> add: nsslapd-security
> nsslapd-security: on
> -
> replace: nsslapd-ssl-check-hostname
> nsslapd-ssl-check-hostname: off
>
> dn: cn=RSA,cn=encryption,cn=config
> changetype: add
> objectclass: top
> objectclass: nsEncryptionModule
> cn: RSA
> nsSSLPersonalitySSL: Server-Cert
> nsSSLToken: internal (software)
> nsSSLActivation: on
>
> EOF
>
>
> [EMAIL PROTECTED] slapd-ldapslave1]# /etc/init.d/dirsrv start
> Starting dirsrv:
>    ldapslave1...Warning: Incorrect PIN may result in disabling the token
> Enter PIN for Internal (Software) Token:
>
> Any hints thanks!
>

--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
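The symptom in the thread (dirsrv still prompting "Enter PIN for Internal (Software) Token:" after pin.txt was written) is what happens when the pin file does not carry exactly the password the NSS key database was initialized with. The following check is an added example, not part of the thread or of setupssl2.sh: it compares the `Internal (Software) Token:` entry in pin.txt against the first line of pwdfile.txt (the file handed to `certutil -N -f`), warns about the `  -` suffix that raw `sha1sum` output leaves in pwdfile.txt, and, when certutil is installed, optionally proves the password against the database. Paths, the constructed sample files and the `check_pin_file`/`demo_pin_check` names are assumptions.

```sh
#!/bin/sh
# Token name as dirsrv prints it and as pin.txt must spell it (from the thread).
TOKEN='Internal (Software) Token'

# Password that certutil -N was given: the whole first line of the -f file.
first_line() { head -n 1 "$1"; }

# Return 0 when $1 (pin.txt) holds "<TOKEN>:<pin>" and <pin> equals the first
# line of $2 (pwdfile.txt); print a reason and return 1 otherwise.
check_pin_file() {
  pinfile="$1"; pwdfile="$2"
  expected="$(first_line "$pwdfile")"
  line="$(grep "^$TOKEN:" "$pinfile" | head -n 1)"
  [ -n "$line" ] || { echo "no '$TOKEN:' entry in $pinfile"; return 1; }
  pin="${line#"$TOKEN:"}"
  case "$expected" in
    *' -') echo "note: pwdfile.txt ends in '  -' (raw sha1sum output);" \
                "that suffix is part of the token password and pin.txt needs it too" ;;
  esac
  [ "$pin" = "$expected" ] || { echo "pin.txt entry differs from pwdfile.txt"; return 1; }
  echo "pin.txt matches pwdfile.txt"
}

# Optional: prove the password against the NSS database itself. certutil -K
# lists private keys and needs the token password, so a wrong -f file fails.
# Returns 2 (skipped) when certutil is not installed.
verify_with_certutil() {
  secdir="$1"; pwdfile="$2"
  command -v certutil >/dev/null 2>&1 || return 2
  certutil -K -d "$secdir" -f "$pwdfile" >/dev/null 2>&1
}

# Constructed demo: a pwdfile written the way the thread's script wrote it,
# one pin.txt that copies it exactly and one that drops the "  -" suffix.
# Echoes "ok" when the first passes and the second is rejected.
demo_pin_check() {
  d="$(mktemp -d)"
  printf '%s\n' 'da39a3ee5e6b4b0d3255bfef95601890afd80709  -' > "$d/pwdfile.txt"
  printf '%s\n' "$TOKEN:da39a3ee5e6b4b0d3255bfef95601890afd80709  -" > "$d/pin-good.txt"
  printf '%s\n' "$TOKEN:da39a3ee5e6b4b0d3255bfef95601890afd80709" > "$d/pin-bad.txt"
  good=1; bad=1
  check_pin_file "$d/pin-good.txt" "$d/pwdfile.txt" >/dev/null && good=0
  check_pin_file "$d/pin-bad.txt" "$d/pwdfile.txt" >/dev/null || bad=0
  rm -rf "$d"
  [ "$good" -eq 0 ] && [ "$bad" -eq 0 ] && echo ok
}
```

Run it against a live instance as `check_pin_file /etc/dirsrv/slapd-NAME/pin.txt /etc/dirsrv/slapd-NAME/pwdfile.txt`, then `verify_with_certutil /etc/dirsrv/slapd-NAME /etc/dirsrv/slapd-NAME/pwdfile.txt`; both files should stay mode 400 and owned by the dirsrv user, as the thread's chmod/chown steps do.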
