FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-20-2008, 07:40 PM
"Edward Capriolo"
 
Default Trying to follow the howto ssl from wiki

I was attempting to follow...http://directory.fedoraproject.org/wiki/Howto:SSL
I first ran the script
http://directory.fedoraproject.org/download/setupssl2.sh After
completing fds would not start. I rein
I eventually ended up reading the script and running every operation
stp by step. That was quite an ordeal. All the steps ran however no
errors.

[root@ldapslave1 slapd-ldapslave1]# /etc/init.d/dirsrv start
Starting dirsrv:
ldapslave1...Warning: Incorrect PIN may result in disabling the token
Enter PIN for Internal (Software) Token:

I replaced the data inside pin.txt with :

Internal (Software) Token:dirserv_cert_password

But I am still getting the same message. Is this just a bogus message.
The problem could be elsewhere?


Thanks in advance.
(ps -ef ; w) | sha1sum > /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
(w ; ps -ef ; date ) | sha1sum | awk '{print $1}' >
/etc/dirsrv/slapd-ldapslave1/noise.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/noise.txt
certutil -N -P new- -d /etc/dirsrv/slapd-ldapslave1 -f
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt
chown fds:fds /etc/dirsrv/slapd-ldapslave1/key3.db
chown fds:fds /etc/dirsrv/slapd-ldapslave1/cert8.db
chmod 600 /etc/dirsrv/slapd-ldapslave1/key3.db
chmod 600 /etc/dirsrv/slapd-ldapslave1/cert8.db
certutil -G -P new- -d /etc/dirsrv/slapd-ldapslave1 -z
/etc/dirsrv/slapd-ldapslave1/noise.txt -f
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -S -P new- /etc/dirsrv/slapd-ldapslave1/ -n "CA certificate"
-s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d
/etc/dirsrv/slapd-ldapslave1 -z /etc/dirsrv/slapd-ldapslave1/noise.txt
-f /etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -L -P new- -d /etc/dirsrv/slapd-ldapslave1 -n "CA
certificate" -a > /etc/dirsrv/slapd-ldapslave1/cacert.asc
pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o
/etc/dirsrv/slapd-ldapslave1/cacert.p12 -n "CA certificate" -w
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt
certutil -S -P new- -n "Server-Cert" -s
"cn=ldapslave1.ops.ec.com,ou=Fedora Directory Server" -c "CA
certificate" -t "u,u,u" -m 1001 -v 120 -d
/etc/dirsrv/slapd-ldapslave1/ -z
/etc/dirsrv/slapd-ldapslave1/noise.txt -f
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt

certutil -S -P new- -n "server-cert" -s
"cn=ldapslave1.ops.ec.com,ou=Fedora Administration Server" -c "CA
certificate" -t "u,u,u" -m 1002 -v 120 -d
/etc/dirsrv/slapd-ldapslave1/ -z
/etc/dirsrv/slapd-ldapslave1/noise.txt -f
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt

pk12util -d /etc/dirsrv/slapd-ldapslave1 -P new- -o
/etc/dirsrv/slapd-ldapslave1/adminserver.p12 -n server-cert -w
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt

chown fds:fds /etc/dirsrv/slapd-ldapslave1/adminserver.p12
chmod 400 /etc/dirsrv/slapd-ldapslave1/adminserver.p12

cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt >
/etc/dirsrv/slapd-ldapslave1/pin.txt

chmod 400 /etc/dirsrv/slapd-ldapslave1/pin.txt

mv /etc/dirsrv/slapd-ldapslave1/cert8.db
/etc/dirsrv/slapd-ldapslave1/orig-cert8.db
mv /etc/dirsrv/slapd-ldapslave1/key3.db
/etc/dirsrv/slapd-ldapslave1/orig-key3.db


certutil -N -d /etc/dirsrv/slapd-ldapslave1 -P admin-serv- -f
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt

chown fds:fds /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db
[root@ldapslave1 tmp]# chmod 600 /etc/dirsrv/slapd-ldapslave1/admin-serv-*.db

pk12util -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n
server-cert -i /etc/dirsrv/slapd-ldapslave1/adminserver.p12 -w
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt -k
/etc/dirsrv/slapd-ldapslave1/pwdfile.txt

certutil -A -d /etc/dirsrv/slapd-ldapslave1/ -P admin-serv- -n "CA
certificate" -t "CT,," -a -i /etc/dirsrv/slapd-ldapslave1/cacert.asc

cat /etc/dirsrv/slapd-ldapslave1/pwdfile.txt >
/etc/dirsrv/slapd-ldapslave1/password.conf

chmod 400 /etc/dirsrv/slapd-ldapslave1/password.conf
chown fds:fds /etc/dirsrv/slapd-ldapslave1/password.conf

sed -e "s@^NSSPassPhrasDialog .*@NSSPassPhraseDialog
file:/etc/dirsrv/slapd-ldapslave1/password/conf

mv /etc/dirsrv/slapd-ldapslave1/new-key3.db
/etc/dirsrv/slapd-ldapslave1/key3.db
mv /etc/dirsrv/slapd-ldapslave1/new-cert8.db
/etc/dirsrv/slapd-ldapslave1/cert8.db


ldapmodify -x -h localhost -p 389 -D "cn=directory manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa _rc2_40_md5,
+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_ fips_3des_sha,+fortezza,
+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_expo rt1024_with_rc4_56_sha,
+tls_rsa_export1024_with_des_cbc_sha

dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off

dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on

EOF


[root@ldapslave1 slapd-ldapslave1]# /etc/init.d/dirsrv start
Starting dirsrv:
ldapslave1...Warning: Incorrect PIN may result in disabling the token
Enter PIN for Internal (Software) Token:

Any hints thanks!

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 03:59 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org