[Fedora-directory-users] FDS console on Windows with SSL and self-signed certificates
Brian Rudy
brudy at praecogito.com
Fri Jan 20 19:24:06 UTC 2006
Hi Folks,
I have set up Fedora Management Console on one of my Windows boxes per
the directions in the Howto:WindowsConsole Wiki, but have an issue
connecting to the Directory Server using SSL. From the Windows box FMC,
the Directory Server is listed in the Server Group, with Server status:
Stopped. In the slapd logs I see the following:
[20/Jan/2006:11:09:36 -0800] conn=4768 fd=68 slot=68 SSL connection from
192.168.128.65 to 192.168.128.4
[20/Jan/2006:11:09:36 -0800] conn=4768 op=-1 fd=68 closed - SSL peer
cannot verify your certificate.
Since I am using a self-signed certificate on the directory server,
which would require installation on the client, this all appears to make
sense. Now for the question: How does one install certificates on the
client when using JSS/NSPR/NSS as shown in the Wiki? It looks like you
would need to create your own cert7.db and key3.db with certutil, and
import the Server-Cert, but I'm a bit confused as to where the .db files
should be located, and what they should be named.
Has anyone done this who wouldn't mind sharing?
More information about the Fedora-directory-users
mailing list