[389-users] Disable SSL in Administration server from command line?

Fri Aug 14 08:49:53 UTC 2009

Hi,

I probably caused a major hiccup in my system - I can't log onto anymore
by the Java console to the Administration Server. Unfortunately, my
direcory server knowledge is not yet very deep so I got lost now.

Last action I had done before that the attempted removal of SSL
encryption from the Administration Server.
Originally, I had connected with SSL encryption to the Admin Server.
I then went to Configuration - Encryption, unchecked "Enable SSL for
this server" saved everything and restarted dirsrv-admin on the command
line.
The outcome was as desired: Originally I connected the console by
"https://admin.example.com:20126". After this change, connecting via
"http://admin.example.com":20126" worked. In both cases, I connected
from a remote PC.

But then I goofed by rechecking "Enable SSL for this server" and saving
the settings (nothing else was changed, in particular not the previously
working certificate settings). After I few distractions I had forgotten
about this and restarted the dirsrv-admin.

Since then I can't log on via fedora-idm-console anymore. Neither
"https://admin.example.com:20126" nor "http://admin.example.com":20126"
works anymore.

For https://admin.example.com:20216, I get the error:
Cannot connect to the Admin Server "https://admin.example.com:20126"
The URL is not correct or the server is not working.

For http://admin.example.com:20216, I get this error:
Cannot log on because of an incorrect User ID, Incorrect password or
Directory problem.
java.io.EOFException: Connection lost

OK, the second failure I expected, but not the first one.
I ca not believe that it is a typing error in URL, user name or password
as all this information comes from a script and except for https/http,
there were no modifications at all to this script.

For both attempts, /var/log/dirsrv/admin-serv/error shows
> [Fri Aug 14 16:19:05 2009] [error] SSL Library Error: -12268 Cannot
> connect: SSL is disabled
> [Fri Aug 14 16:19:25 2009] [error] SSL Library Error: -12268 Cannot
> connect: SSL is disabled
> [Fri Aug 14 16:32:39 2009] [error] SSL Library Error: -12268 Cannot
> connect: SSL is disabled
> [Fri Aug 14 16:35:26 2009] [error] SSL Library Error: -12268 Cannot
> connect: SSL is disabled
So it seems to me as if during the attempted reenabling of SSL on the
Admin Server, something went really wrong.

Hence my question:
Is it possible to force SSL usage from the Admin Server by command line?

I saw
http://directory.fedoraproject.org/wiki/Howto:SSL#Starting_the_Server_with_SSL_enabled
and hoped that something similar is possible in reverse direction?

Is there any way to overcome this problem? It would be most appreciated
is a complete reinstallation could be avoided. I was on the way to a
full backup (I do have an LDIF export) when I encountered problems and
messed up things while trying to get the backup done.

Any advice would be highly appreciated!

Regards,
Wolf

PS:
Installed versions are:
fedora-ds-1.1.2-1.fc6
fedora-idm-console-1.1.1-1.fc6
fedora-ds-dsgw-1.1.1-1.fc6
fedora-ds-admin-console-1.1.2-1.fc6
fedora-ds-base-1.1.3-2.fc6
fedora-ds-console-1.1.2-1.fc6
fedora-ds-admin-1.1.6-1.fc6