[Fedora-directory-users] Back in SSL hell again!
Richard Megginson
rmeggins at redhat.com
Tue Jan 16 20:12:21 UTC 2007
Glenn wrote:
> So I'm just about to finish getting Windows Sync working between RH Directory
> Server 7.1SP3 and Active Directory. The latest error message in the passsync
> log says "insufficient access", so I create an ACI that gives the replication
> manager access to everything, just to see if it will work. Nope. So I
> think, maybe I have to restart the Directory Server. And then it fails to
> restart, logging the error message:
>
> SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert
> server-cert of family cn=RSA,cn=encryption,cn=cconfig (Netscape Portable
> Runtime error -8181 - Peer's Certificate has expired.)
>
Is it possible it is complaining about the CA cert?
> Yeah, right. Here's a copy of the certificate:
>
> [root at ourserver alias]# ./certutil -L -d ./ -n server-cert
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 16:43:78:57:00:00:00:00:00:0e
> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
> Issuer:
> "CN=OURCA,DC=ad,DC=ourshop,DC=edu"
> Validity:
> Not Before: Tue Nov 14 22:50:17 2006
> Not After : Thu Nov 13 22:50:17 2008
> ...
>
> Now, I'll grant you that this little synchronization exercise FEELS like it
> has gone on for more than two years, but according to the certificate, it has
> taken barely two months so far, leaving the certificate good for another 22
> months. Once again, the SSL error message seems to have little to do with
> reality.
>
> I just restarted the server three hours earlier, and it worked fine then.
> Can anyone suggest what I might try now? Thanks. -Glenn.
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070116/1fb7656e/attachment.bin>
More information about the Fedora-directory-users
mailing list