[389-users] Replication over SSL

Mitja Mihelič mitja.mihelic at arnes.si
Fri Oct 23 09:13:22 UTC 2009


Hi!

I am trying to get replication to work over SSL, but I seem to be 
missing something...

To make a long story short: single-master and multi-master replication 
without SSL works without a problem.

I have created two Directory servers via the Management Console, one 
called master (supplier) and one called replica (consumer).
I have issued a certificate request via the management console for the 
supplier and consumer.
Both were signed by a test CA and imported into the corresponding 
server's certificate store.
Now, what exactly must I do to correctly map the certificates and make 
them talk to each other?
I have read the documentation, but I just don't understand how to make 
it work.

The following dn is used for replication:
dn: cn=replication manager,cn=config
objectClass: inetorgperson
objectClass: person
objectClass: top
objectClass: organizationalPerson
cn: replication manager
sn: RM
userPassword: replicate
passwordExpirationTime: 20380119031407Z

Greetings,
Mitja

Read the following lines if you wish to know how I have it set up and 
what I have done to set up non-SSL replication:
The Directory server instances are using their own ports (supplier: 
30389/30636 and consumer: 40389/40636 respectively).
I have inserted a replication user into the dse.ldif files in both the 
supplier and the consumer as specified in the documentation.
The supplier has been populated with test entries, and the changelog 
and replication of the relevant database have been enabled.
The consumer has been set up accordingly.
I have created an appropriate replication agreement and initialized the 
consumer.
All entries replicated as expected and the replica was updating 
successfully.




