[Fedora-directory-users] problem starting slapd

Richard Megginson rmeggins at redhat.com
Thu Aug 24 14:06:15 UTC 2006 

Marco Bellacosa wrote:
> Thanks Richard,
>
> Richard Megginson wrote:
> > Marco Bellacosa wrote:
> >
> >> Dear all,
> >>
> >> I got problems while restarting my fedora-ds. In particular,
> >> when I try to start the server via start-slapd I receive the following
> >> message:
> >>
> >> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
> >> verify certificate failed for cert server-cert of family
> >> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
> >> - Peer's Certificate has expired.)
> >> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are 
> valid\
> >>
> >> Then, if I try to menage certificates via console, I am not able to
> >> log in the console, I get the message:
> >>
> >> Cannot connect to the Admin Server .....
> >> The URL is not correct or the server is not running.
> >>
> >> Therefore, I cannot start the server because my certificate is no more
> >> valid and I cannot menage certificate because my console doesn't open
> >> (it seems to me). Can anyone help me?
> >
> > Looks like you will have to generate a new server (or CA?) cert.  Do 
> you
> > have a CA?  See http://directory.fedora.redhat.com/wiki/Howto:SSL for
> > some examples of how to use the command line certutil tool.
> >
>
> I followed the examples, but now
>
> # start-slapd
> Enter PIN for Internal (Software) Token: I insert the password and
>
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't
> find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config
> (Netscape Portable Runtime error -8174 - security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization:
> Unable to retrieve private key for cert server-cert of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
> security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid
>
> Please, note that I have my new admin-serv-hostname-cert8.db,
> slapd-hostname-cert8.db and so on and a valid CA certificate.
cd /opt/fedora-ds/alias
../shared/bin/certutil -P slapd-hostname- -d . -L
../shared/bin/certutil -P slapd-hostname- -d . -L -n server-cert
../shared/bin/certutil -P slapd-hostname- -d . -L -n Server-Cert
>
>
> Thanks in advance,
> marco
>
> >> Fedora-directory-users mailing list
> >> Fedora-directory-users at redhat.com
> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> > 
> ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
>
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060824/a0356114/attachment.bin>

More information about the Fedora-directory-users mailing list