08-01-2012, 02:17 PM
Arnold Werschky

dirsrv-admin startup issues with SSL/TLS configuration

Good morning,

I'm trying to set up a new LDAP server install with self-signed TLS/SSL on CentOS 6.2.

My install using setup-ds-admin.pl was typical, and I was able to log in to the 389-Console after installation.

At that point I downloaded the script from richm: https://github.com/richm/scripts/blob/master/setupssl2.sh


I received two errors during its run (full output is at the bottom).

pk12util: Failed to authenticate to PKCS11 slot: The security password entered is incorrect.
pk12util: Failed to authenticate to "NSS User Private Key and Certificate Services": The user pressed cancel.


start-ds-admin now fails to start, with the following error messages in /var/log/dirsrv/admin-serv/error

[Tue Jul 31 16:34:09 2012] [error] Password for slot internal is incorrect.
[Tue Jul 31 16:34:09 2012] [error] NSS initialization failed. Certificate database: /etc/dirsrv/admin-serv.
[Tue Jul 31 16:34:09 2012] [error] SSL Library Error: -8177 The security password entered is incorrect:

I've searched for the SSL Library error to no avail. If anyone can give me a starting point I'd appreciate it.



***************************************************************************
setupssl2.sh output
***************************************************************************

Using /etc/dirsrv/slapd-ldap-xxxxx as sec directory
No CA certificate found - will create new one
No Server Cert found - will create new one
No Admin Server Cert found - will create new one
Creating password file for security token
Creating noise file
Creating new key and cert db
Creating encryption key for CA


Generating key.  This may take a few moments...
Creating self-signed CA certificate

Generating key.  This may take a few moments...

Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Exporting the CA certificate to cacert.asc
Generating server certificate for 389 Directory Server on host ldap.xxxxx.com
Using fully qualified hostname ldap.xxxxx.com for the server name in the server cert subject DN
Note: If you do not want to use this hostname, edit this script to change myhost to the real hostname you want to use

Generating key.  This may take a few moments...

Creating the admin server certificate

Generating key.  This may take a few moments...
Exporting the admin server certificate pk12 file
pk12util: PKCS12 EXPORT SUCCESSFUL
Creating pin file for directory server
Importing the admin server key and cert (created above)
Incorrect password/PIN entered.
pk12util: Failed to authenticate to PKCS11 slot: The security password entered is incorrect.
pk12util: Failed to authenticate to "NSS User Private Key and Certificate Services": The user pressed cancel.
Importing the CA certificate from cacert.asc
Enabling the use of a password file in admin server
Turning on NSSEngine
Use ldaps for config ds connections
Enabling SSL in the directory server
when prompted, provide the directory manager password
Password:
modifying entry "cn=encryption,cn=config"

modifying entry "cn=config"
adding new entry "cn=RSA,cn=encryption,cn=config"
Enabling SSL in the admin server
modifying entry "cn=slapd-ldap-xxxxx,cn=389 Directory Server,cn=Server Group,cn=ldap.xxxxx.com,ou=xxxxx,o=NetscapeRoot"

modifying entry "cn=configuration,cn=admin-serv-ldap,cn=389 Administration Server,cn=Server Group,cn=ldap.xxxxx.com,ou=xxxxx,o=NetscapeRoot"

Done.  You must restart the directory server and the admin server for the changes to take effect.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users