[Fedora-directory-users] simple ssl replication

Richard Megginson rmeggins at redhat.com
Wed Jan 18 17:12:04 UTC 2006


The SSL client (in this case, the replication supplier) still needs to 
verify the SSL server (in this case, the replication consumer) 
certificate in order for SSL to work.  It should be sufficient for the 
supplier to have the certificate of the CA that issued the consumer's 
certificate in its cert db.

Susan wrote:

>Hi, all.  Trying to set up replication over SSL, without certificates.  In the UI, I said "Simple
>Authentication.", gave it the bind dn & password.  (The name/pass pair work fine if non-SSL
>replication is used.)
>
>Anyway, in the consumer log, I see this:
>
>[18/Jan/2006:11:50:56 -0500] conn=66 fd=72 slot=72 SSL connection from 129.85.70.110 to
>129.85.86.65
>[18/Jan/2006:11:50:56 -0500] conn=66 op=-1 fd=72 closed - SSL peer cannot verify your certificate.
>
>What's the deal?  Why is it trying to verify certs???
>
>on the supplier, I see this:
>
>[18/Jan/2006:11:44:47 -0500] NSMMReplicationPlugin - agmt="cn=main" (cnjldap01:636): Simple bind
>failed, LDAP sdk error 81 (Can't contact LDAP server), Netscape Portable Runtime error -8054
>(unknown)
>
>How come it failed??
>
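The consumer log in this thread shows the connection closing with `op=-1`, that is, before any LDAP operation was logged, which fits the reply's point that the failure is in SSL certificate verification and not in the simple bind. The following is an added example, not part of the original thread or of Fedora Directory Server: a small triage script that flags such connections in a consumer access log. The `conn=67` lines are constructed for contrast, and treating "no operation with op >= 0" as a pre-bind handshake failure is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample. The conn=66 lines are the consumer log lines quoted in
# the post (re-joined); conn=67 is a made-up healthy session for contrast.
SAMPLE_LOG = """\
[18/Jan/2006:11:50:56 -0500] conn=66 fd=72 slot=72 SSL connection from 129.85.70.110 to 129.85.86.65
[18/Jan/2006:11:50:56 -0500] conn=66 op=-1 fd=72 closed - SSL peer cannot verify your certificate.
[18/Jan/2006:11:51:02 -0500] conn=67 fd=73 slot=73 SSL connection from 192.0.2.10 to 129.85.86.65
[18/Jan/2006:11:51:02 -0500] conn=67 op=0 BIND dn="cn=replication manager,cn=config" method=128 version=3
[18/Jan/2006:11:51:02 -0500] conn=67 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[18/Jan/2006:11:51:03 -0500] conn=67 op=1 UNBIND
[18/Jan/2006:11:51:03 -0500] conn=67 op=1 fd=73 closed - U1
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPENED = re.compile(r"SSL connection from (?P<src>\S+) to \S+")
OP = re.compile(r"^op=(?P<op>-?\d+)\b")
CLOSED = re.compile(r"closed - (?P<reason>.+)$")


def tls_handshake_failures(log_text):
    """SSL connections that closed before any LDAP operation (op >= 0)."""
    conns = defaultdict(lambda: {"src": None, "ts": None, "ops": 0, "reason": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        c, rest = conns[int(m["conn"])], m["rest"]
        if (o := OPENED.search(rest)):
            c["src"], c["ts"] = o["src"], m["ts"]
        if (op := OP.match(rest)) and int(op["op"]) >= 0:
            c["ops"] += 1  # a BIND/RESULT/... line: LDAP traffic was exchanged
        if (cl := CLOSED.search(rest)):
            c["reason"] = cl["reason"].rstrip(".")
    # No op >= 0 means the bind DN and password were never evaluated, so the
    # fix is certificate trust on the connecting side, not credentials.
    return [
        {"conn": n, "src": c["src"], "opened": c["ts"], "reason": c["reason"]}
        for n, c in sorted(conns.items())
        if c["src"] and c["reason"] and c["ops"] == 0
    ]


if __name__ == "__main__":
    for f in tls_handshake_failures(SAMPLE_LOG):
        print(f"conn={f['conn']} from {f['src']} at {f['opened']}: "
              f"closed before bind ({f['reason']})")
```

A source address reported here is a supplier whose cert db should be checked for the CA that issued the consumer's certificate.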