<div dir="ltr">I think we are heading toward a solution ... <br><br>Do I need to re-install the certificate in PassSync again after we install the new CSR with the FQDN?<br><br><br>[root@linux2 slapd-linux2]# /usr/lib/mozldap/ldapsearch -v -h labdc01.tf-lab.test2.com -p 636 -Z -P /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db -3 -s base -b "" "objectclass=*"<br>
ldapsearch: started Mon Oct 20 06:18:20 2008<br><br>ldap_init( labdc01.tf-lab.test2.com, 636 )<br>ldaptool_getcertpath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db<br>ldaptool_getkeypath -- /etc/dirsrv/slapd-linux2/slapd-linux2cert8.db<br>
ldaptool_getmodpath -- (null)<br>ldaptool_getdonglefilename -- (null)<br>filter pattern: objectclass=*<br>returning: ALL<br>filter is: (objectclass=*)<br>version: 1<br>dn:<br>currentTime: 20081020202134.0Z<br>subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=tf-lab,DC=tribal<br>
fusion,DC=com<br>dsServiceName: CN=NTDS Settings,CN=LABDC01,CN=Servers,CN=Default-First-Site-Na<br> me,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com<br>namingContexts: DC=tf-lab,DC=test2,DC=com<br>namingContexts: CN=Configuration,DC=tf-lab,DC=test2,DC=com<br>
namingContexts: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=com<br>namingContexts: DC=DomainDnsZones,DC=tf-lab,DC=test2,DC=com<br>namingContexts: DC=ForestDnsZones,DC=tf-lab,DC=test2,DC=com<br>defaultNamingContext: DC=tf-lab,DC=test2,DC=com<br>
schemaNamingContext: CN=Schema,CN=Configuration,DC=tf-lab,DC=test2,DC=c<br> om<br>configurationNamingContext: CN=Configuration,DC=tf-lab,DC=test2,DC=com<br>rootDomainNamingContext: DC=tf-lab,DC=test2,DC=com<br>supportedControl: 1.2.840.113556.1.4.319<br>
supportedControl: 1.2.840.113556.1.4.801<br>supportedControl: 1.2.840.113556.1.4.473<br>supportedControl: 1.2.840.113556.1.4.528<br>supportedControl: 1.2.840.113556.1.4.417<br>supportedControl: 1.2.840.113556.1.4.619<br>supportedControl: 1.2.840.113556.1.4.841<br>
supportedControl: 1.2.840.113556.1.4.529<br>supportedControl: 1.2.840.113556.1.4.805<br>supportedControl: 1.2.840.113556.1.4.521<br>supportedControl: 1.2.840.113556.1.4.1948<br>supportedLDAPVersion: 3<br>supportedLDAPVersion: 2<br>
supportedLDAPPolicies: MaxPoolThreads<br>supportedLDAPPolicies: MaxDatagramRecv<br>supportedLDAPPolicies: MaxReceiveBuffer<br>supportedLDAPPolicies: InitRecvTimeout<br>supportedLDAPPolicies: MaxConnections<br>supportedLDAPPolicies: MaxConnIdleTime<br>
supportedLDAPPolicies: MaxPageSize<br>supportedLDAPPolicies: MaxQueryDuration<br>supportedLDAPPolicies: MaxTempTableSize<br>supportedLDAPPolicies: MaxResultSetSize<br>supportedLDAPPolicies: MaxNotificationPerConn<br>supportedLDAPPolicies: MaxValRange<br>
highestCommittedUSN: 90680<br>supportedSASLMechanisms: GSSAPI<br>supportedSASLMechanisms: GSS-SPNEGO<br>supportedSASLMechanisms: EXTERNAL<br>supportedSASLMechanisms: DIGEST-MD5<br>dnsHostName: labdc01.tf-lab.test2.com<br>
ldapServiceName: tf-lab.test2.com:labdc01$@TF-LAB.TEST2.COM<br>serverName: CN=LABDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tf-lab,DC=test2,DC=com<br>supportedCapabilities: 1.2.840.113556.1.4.800<br>
supportedCapabilities: 1.2.840.113556.1.4.1670<br>supportedCapabilities: 1.2.840.113556.1.4.1791<br>isSynchronized: TRUE<br>isGlobalCatalogReady: TRUE<br>domainFunctionality: 0<br>forestFunctionality: 0<br>domainControllerFunctionality: 2<br>
<br><br>[root@linux2 slapd-linux2]# grep err /var/log/dirsrv/slapd-linux2/errors<br>[root@linux2 slapd-linux2]# <br><br><div class="gmail_quote">On Mon, Oct 20, 2008 at 12:07 PM, Vipul Ramani <span dir="ltr">&lt;<a href="mailto:vipulramani@gmail.com">vipulramani@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div dir="ltr"><br><br>The CA is a self-signed certificate generated by Linux2 itself. <br><br>
<br>[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "CA"<div class="Ih2E3d"><br><br>Certificate Nickname Trust Attributes<br>
SSL,S/MIME,JAR/XPI<br><br></div>Certificate:<br> Data:<br> Version: 3 (0x2)<br> Serial Number: 1000 (0x3e8)<br> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption<br>
Issuer: "CN=CAcert"<br> Validity:<br> Not Before: Fri Oct 17 15:11:18 2008<br> Not After : Wed Oct 17 15:11:18 2018<br> Subject: "CN=CAcert"<br> Subject Public Key Info:<br>
Public Key Algorithm: PKCS #1 RSA Encryption<br> RSA Public Key:<br> Modulus:<br>
 Exponent: 65537 (0x10001)<br> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption<br>
Signature:<br>
Fingerprint (MD5):<br> 2C:77:B6:61:BA:3D:F0:E2:8E:EB:BA:4D:74:A4:E4:0C<br> Fingerprint (SHA1):<br> 06:FE:B9:62:26:E7:56:1E:2B:84:C0:5E:AC:DC:F7:1A:AE:A8:58:0E<br><br> Certificate Trust Flags:<br> SSL Flags:<br>
Valid CA<br> Trusted CA<br> User<br> Trusted Client CA<br> Email Flags:<br> User<br> Object Signing Flags:<br> User<br><br>[root@linux2 ~]# certutil -L -d /etc/dirsrv/slapd-linux2 -n "linux2"<div class="Ih2E3d">
<br>
<br>Certificate Nickname Trust Attributes<br> SSL,S/MIME,JAR/XPI<br><br></div>Certificate:<br> Data:<br> Version: 3 (0x2)<br>
Serial Number:<br> 14:fc:4e:02:00:00:00:00:00:16<br> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption<br> Issuer: "CN=labdc01,DC=tf-lab,DC=test2,DC=com"<br> Validity:<br>
Not Before: Fri Oct 17 23:35:13 2008<br> Not After : Sun Oct 17 23:35:13 2010<br> Subject: "CN=linux2,OU=Ops,O=Exponential,L=Emeryville,ST=California,C<br> =US"<br> Subject Public Key Info:<br>
Public Key Algorithm: PKCS #1 RSA Encryption<br> RSA Public Key:<br> Modulus:<br> da:db:9b:d8:c2:aa:42:4e:85:69:b2:0a:19:46:87:2d:<br> 67:e6:4b:9b:4d:97:96:6a:e3:bf:90:c2:ab:a7:0d:17:<br>
--removed-some-part---<br> 24:72:dc:18:5c:7e:1a:16:b3:bd:38:1b:0a:0f:a6:48:<br> ae:4e:ef:5a:eb:cd:12:6f:5e:16:8f:6c:ce:ff:fa:71<br> Exponent: 65537 (0x10001)<br>
Signed Extensions:<br> Name: Certificate Subject Key ID<br> Data:<br> 75:e0:f9:0d:9f:77:24:61:38:87:17:87:43:ee:25:5d:<br> c0:b2:4f:d3<br><br> Name: Certificate Authority Key Identifier<br>
Key ID:<br> 83:c2:a6:03:eb:b2:a8:ea:40:d0:63:42:01:68:8f:a8:<br> 11:9e:ec:f9<br><br> Name: CRL Distribution Points<br> URI: "ldap:///CN=labdc01,CN=labdc01,CN=CDP,CN=Public%20Key%20Serv<br>
ices,CN=Services,CN=Configuration,DC=tf-lab,DC=test2,D<br> C=com?certificateRevocationList?base?objectClass=cRLDistribut<br> ionPoint"<br> URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc01.c<br>
rl"<br><br> Name: Authority Information Access<br> Method: PKIX CA issuers access method<br> Location:<br> URI: "ldap:///CN=labdc01,CN=AIA,CN=Public%20Key%20Services,CN<br>
=Services,CN=Configuration,DC=tf-lab,DC=test2,DC=c<br> om?cACertificate?base?objectClass=certificationAuthority"<br> Method: PKIX CA issuers access method<br> Location:<br>
URI: "http://labdc01.tf-lab.test2.com/CertEnroll/labdc<br> 01.tf-lab.test2.com_labdc01.crt"<br><br> Name: Microsoft Enrollment Cert Type Extension<br>
Data: "WebServer"<br><br> Name: Certificate Basic Constraints<br> Critical: True<br> Data: Is not a CA.<br><br> Name: Certificate Key Usage<br> Usages: Digital Signature<br>
Key Encipherment<br><br> Name: Extended Key Usage<br> TLS Web Server Authentication Certificate<br><br> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption<br> Signature:<br>
0b:f7:2f:25:e5:99:aa:27:59:5d:76:96:5a:64:0b:a7:<br> 91:7d:48:49:fd:a8:46:db:cc:39:7b:97:34:94:3c:0c:<br> 7c:fe:4d:f7:99:5e:da:a6:7d:53:5c:36:ba:ed:a7:05:<br> 60:04:2a:76:6e:02:75:a0:1c:59:bd:ad:82:db:fc:61:<br>
--removed some--part--<br> 6d:11:23:4c:77:60:18:ec:fd:47:63:72:d3:00:ee:04:<br> c2:01:3a:d8:dc:f1:4b:55:c5:7a:39:09:83:9b:09:bd:<br> 65:64:4c:6f:8d:19:86:94:95:76:1b:07:08:ad:03:70<br> Fingerprint (MD5):<br>
BD:3D:31:6C:27:A8:82:1A:11:81:5B:F6:56:D7:FA:E3<br> Fingerprint (SHA1):<br> 89:45:EE:8E:7D:B7:01:EB:72:80:F2:86:91:B8:02:D4:60:3A:19:FA<br><br> Certificate Trust Flags:<br> SSL Flags:<br> Valid CA<br>
Trusted CA<br> User<br> Trusted Client CA<br> Email Flags:<br> User<br> Object Signing Flags:<br> User<br><br><pre style="margin: 0em;"><br></pre><tt><br>
</tt><b style="color: rgb(0, 0, 153);"><span style="font-family: times new roman,serif;">| /usr/lib/mozldap/ldapsearch -h windowshost -p 636 -Z -P
/etc/dirsrv/slapd-linux2 -3 -s base -b "" "objectclass=*"
</span></b><pre style="margin: 0em;"><br><font size="4"><b><span style="font-family: arial,helvetica,sans-serif;">When I do this I am getting a core dump ... :(( </span></b></font><br></pre><br>
</div>
</blockquote></div><br><br clear="all"><br>-- <br>Regards<br><br>Vipul Ramani<br><br>
</div>