
Re: [Fedora-directory-users] Re: SubjectAltName how does it work?



Hi,
Today I'm trying to solve an SSL issue so that Fedora DS can communicate with both a client and another DS server for replication. After many tests, with your help I got to this point:

I'm always in the alias directory.

Create my CA database:

# ../shared/bin/certutil -N -d .

Make my self CA:

# ../shared/bin/certutil -S -d . -n 'CA Certificate' -s 'cn=CAcert' -x -t CTu,CTu,CTu -g 1024 -m 1 -v 120 -2 -1 -5

Create server key and certificate for server1:

# ../shared/bin/certutil -R -d . -s "cn=nodo1,dc=domain,dc=example,dc=com" -o tmpcertreq -g 1024
# ../shared/bin/certutil -C -d . -c "CA Certificate" -i tmpcertreq -o tmpcert.der -m 3 -v 12 -1 -5 -8 domain.example.com
# ../shared/bin/certutil -A -d . -n nodo1.domain.example.com -t u,u,u -i tmpcert.der
# rm -f tmpcert.der tmpcertreq

Create server key and certificate for server2:

# ../shared/bin/certutil -R -d . -s "cn=nodo2,dc=domain,dc=example,dc=com" -o tmpcertreq -g 1024
# ../shared/bin/certutil -C -d . -c "CA Certificate" -i tmpcertreq -o tmpcert.der -m 4 -v 12 -1 -5 -8 domain.example.com
# ../shared/bin/certutil -A -d . -n Alt-Cert -t u,u,u -i tmpcert.der
# rm -f tmpcert.der tmpcertreq
 
After that I copy the database to server 2 and rename it to match the correct server. Finally I enable SSL encryption on both servers
and I try to establish Multi Master Replication via the mmr.pl script, so:

./mmr.pl --host1 nodo1.domain.example.com --host2 nodo2.domain.example.com --host1_id 1 --host2_id 2 --bindpw secret --repmanpw secret --create --with-ssl

Unfortunately, consulting the logs I find:

NSMMReplicationPlugin - agmt="cn="Replication to nodo2.domain.example.com"" (nodo2:636): Simple bind failed, LDAP sdk error 91 (Can't connect to the LDAP server), Netscape Portable Runtime error -5961 (TCP connection reset by peer.)

It's incredible that when I find a solution for something, at the same time I find a problem at another point :-)

Thanks in advance for your support

Alex
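
Added example, not part of the original message and not Fedora DS or NSS code: a Python sketch of the RFC 6125-style server-name check, run against the subject (-s) and SubjectAltName (-8) values from the certutil commands above and the host names given to mmr.pl. It assumes the connecting client follows those rules (dNSName SAN entries take precedence over the CN); all function names are illustrative, and it makes no claim about the cause of the logged error.

```python
# Certificate contents below are constructed from the command lines in the
# post; nothing is read from a real NSS database.

def dns_name_matches(pattern, host):
    """Compare one presented DNS name against the host the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the complete left-most label.
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]

def subject_cn(subject):
    """Pull the cn= value out of a subject string such as the -s argument."""
    for rdn in subject.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.lower() == "cn":
            return value
    return None

def names_to_check(subject, san_dns):
    # dNSName SAN entries win; the CN is a fallback only when the
    # certificate carries no dNSName at all.
    if san_dns:
        return list(san_dns)
    cn = subject_cn(subject)
    return [cn] if cn else []

def cert_matches_host(subject, san_dns, host):
    return any(dns_name_matches(n, host)
               for n in names_to_check(subject, san_dns))

# (subject from -s, DNS names from -8), as issued in the post.
CERTS = {
    "nodo1": ("cn=nodo1,dc=domain,dc=example,dc=com", ["domain.example.com"]),
    "nodo2": ("cn=nodo2,dc=domain,dc=example,dc=com", ["domain.example.com"]),
}
# Host names passed to mmr.pl via --host1 / --host2.
HOSTS = {"nodo1": "nodo1.domain.example.com",
         "nodo2": "nodo2.domain.example.com"}

def check_all():
    return {k: cert_matches_host(*CERTS[k], HOSTS[k]) for k in CERTS}

if __name__ == "__main__":
    for server, ok in check_all().items():
        print(server, HOSTS[server], "match" if ok else "NO MATCH")
```
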


 
