Old 09-12-2008, 08:44 AM
steve nguyen
 
CA certificate trouble

Hi everybody,

If you remember me, I've got some problems with SSL in my sync agreement:

https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00000.html

https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00024.html

I think I have found what's wrong in my SSL set up.

I tried this command to verify if ssl is enabled in FDS : ldapsearch -x -ZZ '(uid=testuser)'


I checked the access log, and I've got this message:

EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"

RESULT err=0 tag=120 nentries=0 etime=0
DISCONNECT fd=67 closed - Peer does not recognize and trust the CA that issued your certific...

As I said before I set up SSL using the second script from the FDS wiki page.

So my question is what can I do now :

- Can I fix this ?

- Should I do a full set up of SSL ?

Thanks

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
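
An added example, not part of the original post: a small scan of a directory server access log that pairs each startTLS request with the close reason on the same connection, so the clients that hit the untrusted-CA disconnect quoted above can be listed. The post's excerpt omits the timestamp and `conn=`/`op=` prefix, so the sample lines are constructed under the assumption of the usual access-log layout, and the addresses are placeholders.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
# Close reason as quoted (truncated) in the post; match on its stable prefix.
# The server logs it when the client answers the handshake with an
# unknown-CA alert, i.e. the client does not trust the server cert's issuer.
CA_ALERT = "Peer does not recognize and trust the CA"
LINE = re.compile(r"^\[([^\]]+)\]\s+conn=(\d+)\s+(?:op=-?\d+\s+)?(.*)$")

# Constructed sample: timestamps, conn numbers and addresses are made up.
SAMPLE_LOG = """\
[12/Sep/2008:08:43:02 +0200] conn=41 fd=66 slot=66 connection from 192.0.2.10 to 192.0.2.1
[12/Sep/2008:08:43:02 +0200] conn=41 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[12/Sep/2008:08:43:02 +0200] conn=41 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[12/Sep/2008:08:43:03 +0200] conn=41 op=2 UNBIND
[12/Sep/2008:08:43:03 +0200] conn=41 op=2 fd=66 closed - U1
[12/Sep/2008:08:44:10 +0200] conn=42 fd=67 slot=67 connection from 192.0.2.20 to 192.0.2.1
[12/Sep/2008:08:44:10 +0200] conn=42 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[12/Sep/2008:08:44:10 +0200] conn=42 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[12/Sep/2008:08:44:10 +0200] conn=42 op=-1 fd=67 closed - Peer does not recognize and trust the CA that issued your certific...
"""

def untrusted_ca_disconnects(log_text):
    """Return (conn, client_address, timestamp) for each connection that
    requested startTLS and was then closed with the unknown-CA reason."""
    peer, asked_tls, hits = {}, set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything not in the assumed layout
        ts, conn, rest = m.groups()
        src = re.search(r"connection from (\S+)", rest)
        if src:
            peer[conn] = src.group(1)
        elif rest.startswith("EXT") and STARTTLS_OID in rest:
            asked_tls.add(conn)
        elif " closed - " in rest:
            reason = rest.split(" closed - ", 1)[1]
            if conn in asked_tls and reason.startswith(CA_ALERT):
                hits.append((conn, peer.get(conn, "unknown"), ts))
            # Connection is finished; drop its state.
            peer.pop(conn, None)
            asked_tls.discard(conn)
    return hits

if __name__ == "__main__":
    for conn, addr, ts in untrusted_ca_disconnects(SAMPLE_LOG):
        print(f"{ts} conn={conn} client={addr}: client rejected the server certificate's CA")
```
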
 
Old 09-12-2008, 02:03 PM
"Ryan Braun [ADS]"
 
CA certificate trouble

On Friday 12 September 2008 08:44, steve nguyen wrote:
> Hi everybody,
>
> If you remember me I've got some problem with SSL in my sync agreement :
>
> https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00000.html
> https://www.redhat.com/archives/fedora-directory-users/2008-September/msg00024.html
>
> I think I have found what's wrong in my SSL set up.
> I tried this command to verify if ssl is enabled in FDS : ldapsearch -x -ZZ '(uid=testuser)'
> I check the access log, and I've got this message :
> EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
> RESULT err=0 tag=120 nentries=0 etime=0
> DISCONNECT fd=67 closed - Peer does not recognize and trust the CA that issued your certific...
>
> As I said before I set up SSL using the second script from the FDS wiki
> page. So my question is what can I do now :
> - Can I fix this ?
> - Should I do a full set up of SSL ?
>
> Thanks


I've been working on an all-in-one ssl management perl script for fds. It's
been working over here but I'm sure there are some quirks in it.

Make sure you edit /etc/fdstools/ssl.conf to point to your correct SEC_DIR and
INSTANCE values. Then just move out your old $SEC_DIR/cert8.db key3.db and
secmod.db files to some backup directory and run fdssl.pl -h or -e for
examples on how to use it.

Let me know how it works for you.

Ryan
 
Old 09-12-2008, 09:49 PM
steve nguyen
 
CA certificate trouble

Thank you
I will try it Monday at work
And I will give you some feedback !

Steve

 
Old 09-15-2008, 09:02 AM
steve nguyen
 
CA certificate trouble

Hi,

I tried your script after doing all the things you suggested. And I got this error message after running the script:

Can't locate Sys/Hostname/Long.pm in @INC (@INC contains: /usr/lib/perl5/5.10.0/i386-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.10.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl .) at ./fdsssl.pl line 9.
BEGIN failed--compilation aborted at ./fdsssl.pl line 9.

Do you have an idea what's wrong? Should I edit a conf file or install a package to correct this?

thanks

 
