Finally circling back around to this.

On Monday, June 24, 2013 09:44:19 Rob Crittenden wrote:
> It's really confusing how you ended up with a CA DS instance configured
> without SSL.

You're telling me. :)

> In any case, by default we configure port 7390 for SSL. StartTLS
> shouldn't be needed.
>
> You may also need to set nsSSL3Ciphers.

Sorry, LDAP newbie here. What would I add, and to which files? I assume the dse.ldif for the PKI-CA. What entries would I add for the SSL config?

> And you need to create an entry:
>
> cn=RSA,cn=encryption,cn=config
> objectclass=top
> objectclass=nsEncryptionModule
> cn=RSA
> nsSSLPersonalitySSL=Server-Cert
> nsSSLToken=internal (software)
> nsSSLActivation=on

When you say "create entry," is that just adding that to the dse.ldif, or am I adding it to the LDAP DB? (Again, LDAP newbie here).

Feel free to point me to docs on this subject. I do want to learn, just not sure where to start.

Thank you (again!) for all your help!

j

-- 
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
[email protected] - Jabber: [email protected]
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
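An added example, not part of the original message or of FreeIPA's own tooling: a small Python check that reads dse.ldif-style text and reports whether the cn=RSA entry quoted above is present with the quoted attribute values. The function names and the sample LDIF are constructed for illustration, and the parser assumes plain (non-base64) LDIF values.

```python
# Added example: check LDIF text for the cn=RSA encryption entry quoted in the message.
REQUIRED_DN = "cn=rsa,cn=encryption,cn=config"
REQUIRED = {  # attribute -> values, taken from the quoted entry (lower-cased)
    "objectclass": {"top", "nsencryptionmodule"},
    "cn": {"rsa"},
    "nssslpersonalityssl": {"server-cert"},
    "nsssltoken": {"internal (software)"},
    "nssslactivation": {"on"},
}

def parse_ldif(text):
    """Return {normalized dn: {attr: set(values)}} from plain (non-base64) LDIF."""
    entries, current, lines = {}, None, []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines:
        attr, sep, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not line.strip():
            current = None                     # blank line ends an entry
        elif line.startswith("#") or not sep:
            continue                           # comment or malformed line
        elif attr == "dn":
            dn = ",".join(p.strip() for p in value.lower().split(","))
            current = entries.setdefault(dn, {})
        elif current is not None:
            current.setdefault(attr, set()).add(value.lower())
    return entries

def check_rsa_entry(text):
    """Return a list of problems; an empty list means the entry matches."""
    entry = parse_ldif(text).get(REQUIRED_DN)
    if entry is None:
        return ["missing entry " + REQUIRED_DN]
    return [f"{attr}: expected {sorted(want - entry.get(attr, set()))}"
            for attr, want in REQUIRED.items() if want - entry.get(attr, set())]

# Constructed sample input (not from a real server): activation is left off.
SAMPLE = """dn: cn=RSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: off
"""
```

Calling `check_rsa_entry(SAMPLE)` reports the `nsSSLActivation` mismatch; run it against a copy of the instance's dse.ldif rather than the live file.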
