FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 03-07-2012, 12:34 PM
Luigi Santangelo
 
Default SSL initialization Failed

Hi guru,
i have a problem with
enabling SSL in my Fedora Directory Server. I already searched with
google and I have found other people that have same problem but,
following the instructions, I cannot resolve my problem (maybe my
problem has a different source).
I start by saing that in the past
I have enabled SSL on FDS 1.2.5 succesfully, but with FDS 1.2.12 rc2
I cannot.
On my Fedora 16, with kernel 3.2.7-1, I installed FDS
1.2.12rc2. Then, I created a request for the Directory Server (using
Manage Certificates). During this operation, I inserted the FQDN in
Server Name field and I completed other field (Organization, State,
etc). Then I exported the request and, using a my self-signed CA, I
created a cert for the server. I imported server and CA certs
succesfully. In the Certification Path tab of server cert, I can see
the correct chain (server and ca certs). But when I enable SSL for my
server (with Encryption tab) and I restart my server, it cannot start
correctly and give me this error:

SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
ERROR: SSL Initialization Failed.

But if I create a key and cert with openssl for my server (then not
creating the request and sign it, but creating the cert directly with
openssl), I export the cert in p12 format and I import it with
certutil utility, it works fine: I can enable SSL and I can restart
my server without any problem.

Then, I thing that I wrong to insert
the information during generation request. Can you help me?

Another question (mere curiosity): why
RedHat Directory Server and Fedora Directory Server have different
version number? Its doesn't offer the same features? Thanks













--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 03-07-2012, 02:59 PM
Rich Megginson
 
Default SSL initialization Failed

On 03/07/2012 06:34 AM, Luigi Santangelo wrote:


Hi guru,

i have a problem with
enabling SSL in my Fedora Directory Server. I already searched
with
google and I have found other people that have same problem but,
following the instructions, I cannot resolve my problem (maybe
my
problem has a different source).

I start by saing that in the past
I have enabled SSL on FDS 1.2.5 succesfully, but with FDS 1.2.12
rc2
I cannot.




I'm assuming you mean 1.2.10.rc2 - Don't use rc2 - use 1.2.10.3
which is in updates-testing


On my Fedora 16, with kernel
3.2.7-1, I installed FDS
1.2.12rc2. Then, I created a request for the Directory Server
(using
Manage Certificates). During this operation, I inserted the FQDN
in
Server Name field and I completed other field (Organization,
State,
etc). Then I exported the request and, using a my self-signed
CA, I
created a cert for the server. I imported server and CA certs
succesfully. In the Certification Path tab of server cert, I can
see
the correct chain (server and ca certs). But when I enable SSL
for my
server (with Encryption tab) and I restart my server, it cannot
start
correctly and give me this error:

SSL alert: Security Initialization: Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)
ERROR: SSL Initialization Failed.


But if I create a key and cert with openssl for my server (then
not
creating the request and sign it, but creating the cert directly
with
openssl), I export the cert in p12 format and I import it with
certutil utility, it works fine: I can enable SSL and I can
restart
my server without any problem.

Then, I thing that I wrong to insert
the information during generation request. Can you help me?


You should also use 389-admin-1.1.27 from updates-testing - there
was a similar bug fixed in 389-admin


Another question (mere curiosity):
why
RedHat Directory Server and Fedora Directory Server have
different
version number? Its doesn't offer the same features? Thanks


389 (formerly Fedora Directory Server) is the upstream open source
project which changes frequently and has new features as soon as
they are developed.* Red Hat Directory Server is the downstream
product which does not change as frequently, and only gets new
features once they are tested, documented, and support ready.













--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 07:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org