FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 09-11-2008, 03:42 PM
"Ryan Braun [ADS]"
 
Default Encryption works, but odd entries in the error log on startup.

I had setup encryption on one of my test fds servers (1.1.2), generated a
CAcert and a Server-Cert and turned on encryption. It all worked fine. I
shut down fds, removed the Server-Cert and created a new Server-Cert with a
few Subject Alt Name entries. I didn't import a p12 cert, I just used
certutil to create a new cert in the database.

I restarted the server and tested with ldapsearch -ZZ and it all still worked.

When I had a look in the log recently, I noticed these entries everytime i
restart the service.

[11/Sep/2008:15:11:18 +0000] - Fedora-Directory/1.1.2 B2008.253.1749 starting
up
[11/Sep/2008:15:11:19 +0000] - attrcrypt_unwrap_key: failed to unwrap key for
cipher AES
[11/Sep/2008:15:11:19 +0000] - Failed to retrieve key for cipher AES in
attrcrypt_cipher_init
[11/Sep/2008:15:11:19 +0000] - Failed to initialize cipher AES in
attrcrypt_init
[11/Sep/2008:15:11:19 +0000] - attrcrypt_unwrap_key: failed to unwrap key for
cipher AES
[11/Sep/2008:15:11:19 +0000] - Failed to retrieve key for cipher AES in
attrcrypt_cipher_init
[11/Sep/2008:15:11:19 +0000] - Failed to initialize cipher AES in
attrcrypt_init
[11/Sep/2008:15:11:19 +0000] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[11/Sep/2008:15:11:19 +0000] - Listening on All Interfaces port 636 for LDAPS
requests

Looking back to when I first turned on encryption, I see

[10/Sep/2008:19:41:20 +0000] - Fedora-Directory/1.1.2 B2008.253.1749 starting
up
[10/Sep/2008:19:41:20 +0000] - No symmetric key found for cipher AES in
backend userRoot, attempting to create one...
[10/Sep/2008:19:41:20 +0000] - Key for cipher AES successfully generated and
stored
[10/Sep/2008:19:41:20 +0000] - No symmetric key found for cipher 3DES in
backend userRoot, attempting to create one...
[10/Sep/2008:19:41:20 +0000] - Key for cipher 3DES successfully generated and
stored
[10/Sep/2008:19:41:20 +0000] - No symmetric key found for cipher AES in
backend NetscapeRoot, attempting to create one...
[10/Sep/2008:19:41:20 +0000] - Key for cipher AES successfully generated and
stored
[10/Sep/2008:19:41:20 +0000] - No symmetric key found for cipher 3DES in
backend NetscapeRoot, attempting to create one...
[10/Sep/2008:19:41:20 +0000] - Key for cipher 3DES successfully generated and
stored
[10/Sep/2008:19:41:20 +0000] - slapd started. Listening on All Interfaces
port 389 for LDAP requests
[10/Sep/2008:19:41:20 +0000] - Listening on All Interfaces port 636 for LDAPS
requests

So I'm wondering if I need to somehow reinit some of the encryption keys? Or
maybe I missed a step for replacing a Server-Cert? But from the docs it
looks like a straight forward turn off fds, remove old cert, create/import
new cert (with same name), restart fds.

Ryan

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 05:26 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org