[Fedora-directory-users] simple ssl replication
Susan
logastellus at yahoo.com
Wed Jan 18 18:54:07 UTC 2006
--- Richard Megginson <rmeggins at redhat.com> wrote:
> The SSL client (in this case, the replication supplier) still needs to
> verify the SSL server (in this case, the replication consumer)
> certificate in order for SSL to work. It should be sufficient for the
> supplier to have the certificate of the CA that issued the consumer's
> certificate in its cert db.
I understand. Where is the cert db? Is that controled by /etc/openldap/ldap.conf? Because I
took *.db from the consumser's /opt/fedora-ds/alias, copied them over to the location specified by
TLS_CACERTDIR (/etc/openldap/cacerts) and still got the same error.
On the supplier:
[root at cnyldap01 cacerts]# ll
total 84
-rw------- 1 root root 65536 Jan 18 13:48 slapd-cnjldap01-cert8.db
-rw------- 1 root root 16384 Jan 18 13:48 slapd-cnjldap01-key3.db
On the consumer (cnjldap01) still:
[18/Jan/2006:13:50:21 -0500] conn=22 fd=65 slot=65 SSL connection from 149.85.70.110 to
149.85.86.65
[18/Jan/2006:13:50:21 -0500] conn=22 op=-1 fd=65 closed - SSL peer cannot verify your certificate.
What am I doing wrong?
Thank you for your help...
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Fedora-directory-users
mailing list