[Fedora-directory-users] SSL problem on replication!
Richard Megginson
rmeggins at redhat.com
Tue Mar 28 18:01:41 UTC 2006
Alex wrote:
>
>
>> of course!
>>
>> each server will have its own certificate. OK, you have
>> servers A & B.
>>
>>
>
> Answer to richard too...
>
> Ok, i tried..on my virtual....I run all command as you know..both in nodo1
> and nodo2...
> Now..both have ssl enabled....but if I try to import CA certificate from
> nodo1 to nodo2 :
>
> ../shared/bin/certutil -A -d . -P slapd-nodo2- -n "CA certificate" -t "CT,,"
> -a -i cacert.asc
>
> It says:
>
> Certutil-bin: could not obtain certificate from file: You are attempting to
> import a cert with the same issuer/serial as an existing cert, but that is
> not the same cert
>
The problem with using the script is that, if you run it from a
completely clean install, it will create a brand new CA cert. I think
the script may be able to detect if you already have a CA cert.
> Plus...as suggested from Susan I ran /usr/bin/ldapsearch -ZZ -h nodo1....
> Ant it reports:
>
> Ldap_start_tls: Connect error (-11)
> additional info: Start TLS request accepted.Server willing
> to negotiate SSL.
>
> Alex
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060328/535857a1/attachment.bin>
More information about the Fedora-directory-users
mailing list