Finally circling back around to this.

On Monday, June 24, 2013 09:44:19 Rob Crittenden wrote:
> It's really confusing how you ended up with a CA DS instance configured
> without SSL. 

You're telling me. :)

> In any case, by default we configure port 7390 for SSL. StartTLS
> shouldn't be needed.
> You may also need to set nsSSL3Ciphers.

Sorry, LDAP newbie here. What would I add, and to which files? I assume the 
dse.ldif for the PKI-CA.  What entries would I add for the SSL config?

> And you need to create an entry:
> cn=RSA,cn=encryption,cn=config
> objectclass=top
> objectclass=nsEncryptionModule
> cn=RSA
> nsSSLPersonalitySSL=Server-Cert
> nsSSLToken=internal (software)
> nsSSLActivation=on

When you say "create entry," is that just adding that to the dse.ldif, or am I 
adding it to the LDAP DB? (Again, LDAP newbie here).

Feel free to point me to docs on this subject. I do want to learn, just not 
sure where to start.

Thank you (again!) for all your help!
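A read-only check for the settings named in the quoted advice, as an added example that is not part of the original message or of any project's code. It assumes the instance's dse.ldif is passed in as text; `parse_ldif`, `check_ssl` and the sample LDIF are constructed for illustration, and `nsslapd-security` / `nsslapd-secureport` are 389 DS `cn=config` attributes that the thread itself does not mention.

```python
RSA = "cn=rsa,cn=encryption,cn=config"
# (entry DN, attribute, required value or None for "any value"), all lowercased.
REQUIRED = [
    ("cn=config", "nsslapd-security", "on"),        # 389 DS attribute, not from the thread
    ("cn=config", "nsslapd-secureport", "7390"),    # SSL port quoted in the thread
    ("cn=encryption,cn=config", "nsssl3ciphers", None),
    (RSA, "nssslpersonalityssl", None),
    (RSA, "nsssltoken", None),
    (RSA, "nssslactivation", "on"),
]

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lowercased keys; unfolds continuation lines."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():   # newline + space = folded line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not line.strip():
            current = None            # a blank line ends the entry
        elif name == "dn":
            current = entries.setdefault(value.lower().replace(", ", ","), {})
        elif current is not None and not line.startswith("#"):
            current.setdefault(name, []).append(value)
    return entries

def check_ssl(text):
    """Return (dn, attr, found_value) for every required setting that is absent or wrong."""
    entries, findings = parse_ldif(text), []
    for dn, attr, want in REQUIRED:
        got = entries.get(dn, {}).get(attr, [None])[0]
        if got is None or (want and got.lower() != want):
            findings.append((dn, attr, got))
    return findings

# Constructed sample, not taken from a real server; the cipher value is a placeholder.
SAMPLE = """\
dn: cn=config
nsslapd-security: on
nsslapd-secureport: 7390

dn: cn=encryption,cn=config
nsSSL3Ciphers: CIPHER-LIST-PLACEHOLDER

dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (softw
 are)
nsSSLActivation: on
"""
```

An empty list from `check_ssl` means every listed setting is present; each tuple otherwise names the entry and attribute to look at.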


