[Fedora-directory-users] Enabling SSL
Kevin Kovach
kovach at gmail.com
Wed Aug 3 21:18:51 UTC 2005

dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSL2: off
nsSSL3: on
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=root
createTimestamp: 20050726153224Z
modifyTimestamp: 20050803144437Z
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,+rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des\
_sha,+fortezza,+fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
nsKeyfile: alias/slapd-birdie-key3.db
nsCertfile: alias/slapd-birdie-cert8.db
numSubordinates: 1

In the following entry I wasn't sure if '(software)' was a comment or
if it was part of the attr value so I've tried it both ways. Didn't
seem to change anything.

dn: cn=RSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: RSA
nsSSLToken: internal (software)
nsSSLPersonalitySSL: Server-Cert
creatorsName: cn=root
modifiersName: cn=root
createTimestamp: 20050803144438Z
modifyTimestamp: 20050803144438Z

dn: cn=config
cn: config
objectClass: top
objectClass: extensibleObject
objectClass: nsslapdConfig
nsslapd-accesslog-logging-enabled: on
nsslapd-accesslog-maxlogsperdir: 10
nsslapd-accesslog-mode: 600
nsslapd-accesslog-maxlogsize: 100
nsslapd-accesslog-logrotationtime: 1
nsslapd-accesslog-logrotationtimeunit: day
nsslapd-accesslog-logrotationsync-enabled: off
nsslapd-accesslog-logrotationsynchour: 0
nsslapd-accesslog-logrotationsyncmin: 0
nsslapd-accesslog: /opt/fedora-ds/slapd-birdie/logs/access
nsslapd-enquote-sup-oc: off
nsslapd-schemacheck: on
nsslapd-rewrite-rfc1274: off
nsslapd-return-exact-case: on
nsslapd-ssl-check-hostname: off
...
modifyTimestamp: 20050803144438Z
nsslapd-security: on

I think those were the three objects modified. If you need more
please let me know. Thanks.

- Kevin

On 8/3/05, Adam Stokes <astokes at redhat.com> wrote:
> On Wed, 3 Aug 2005 16:54:09 -0400
> Kevin Kovach <kovach at gmail.com> wrote:
>
> > I double checked my key and cert files and they are of the correct
> > format. Incidentally, those then correspond to the nsCertfile and
> > nsKeyfile attributes that are made in the config changes? It's not
> > real clear in the wiki. The wiki suggests that the nsKeyfile and
> > nsCertfile attrs include 'slapd-directory'.
> >
> > I ask because I originally made the config changes by just copying and
> > pasting the ldif and I went back and changed them afterwards to be
> > 'slapd-<instance name>'.
>
> The above is correct, again modified the wiki to resemble the changes.
> >
> > Regardless of that I'm still not able to get the directory to start
> > up. I'm still seeing the same error in the log ...
> >
> > [03/Aug/2005:16:21:44 -0400] - Fedora-Directory/7.1 B2005.201.2115 starting up
> > [03/Aug/2005:16:21:44 -0400] - SSL failure: None of the cipher are valid
> >
> > I'm going to continue playing with it and research it online, but any
> > further advice or suggestions would be appreciated. Thanks.
> >
> > - Kevin
>
> Could you post your changes as it shows in
> /opt/fedora-ds/slapd-<instance>/config/dse.ldif?
>
> --
> ....<(^_^)> adam stokes ....
>
--
Take back the web, http://www.switch2firefox.com/
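
An added example, not part of the original message or of Fedora Directory Server: a short Python check that unfolds dse.ldif text, reads nsSSL3Ciphers from cn=encryption,cn=config as posted above, and lists the enabled (+) suites whose names indicate null encryption, export-grade keys, single DES, RC4 or MD5. The function names, the name-matching rules and the trimmed, constructed sample are assumptions of this example.

```python
import re

# Constructed sample trimmed from the post; the cipher value is folded the
# LDIF way (each continuation line starts with one space).
SAMPLE_DSE = """\
dn: cn=encryption,cn=config
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,+fortezza_null,+tls_rsa_export1024_with_rc4_56_sha,
 +tls_rsa_export1024_with_des_cbc_sha

dn: cn=RSA,cn=encryption,cn=config
nsSSLPersonalitySSL: Server-Cert
"""

# Name-based rules (an assumption of this example, not a server feature).
RULES = [
    ("no encryption", re.compile(r"null")),
    ("export-grade", re.compile(r"export|_40_")),
    ("single DES", re.compile(r"(?<!3)des")),
    ("RC4", re.compile(r"rc4")),
    ("MD5 MAC", re.compile(r"md5")),
]

def entry_attrs(ldif_text, dn):
    """Return {attr: value} (attr lowercased, last value wins) for one entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = [line.split(":", 1) for line in block.splitlines() if ":" in line]
        attrs = {k.strip().lower(): v.strip() for k, v in pairs}
        if attrs.get("dn", "").lower() == dn.lower():
            return attrs
    return {}

def audit_ciphers(ldif_text):
    """Map each enabled ('+') cipher in nsSSL3Ciphers to the rules it trips."""
    attrs = entry_attrs(ldif_text, "cn=encryption,cn=config")
    findings = {}
    for token in attrs.get("nsssl3ciphers", "").split(","):
        token = token.strip()
        if not token.startswith("+"):
            continue  # '-name' is disabled; empty tokens are skipped
        reasons = [label for label, rx in RULES if rx.search(token[1:])]
        if reasons:
            findings[token[1:]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_ciphers(SAMPLE_DSE).items():
        print(f"{name}: {', '.join(reasons)}")
```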