[Fedora-directory-users] Problem with AES
Andreas Kekkou
kekkou.a at cs.ucy.ac.cy
Tue Oct 30 07:06:35 UTC 2007
Both names are exactly the same.
Richard Megginson wrote:
> Andreas Kekkou wrote:
>> Hi Richard,
>>
>> Nothing has changed. Executing the command you have suggested on both
>> servers I get the same output:
>>
>> [root at serverA alias]# ../shared/bin/certutil -L -P slapd-serverA- -d .
>> serverA-cert u,u,u
>> Computer Science Department CA CT,,
>>
>> [root at serverB alias]# ../shared/bin/certutil -L -P slapd-serverB- -d .
>> serverB-cert u,u,u
>> Computer Science Department CA CT,,
>>
>> Is there anything else I have to check?
> grep -i personality /opt/fedora-ds/slapd-instancename/config/dse.ldif
>
> The personality name should match with the server cert name in your
> certdb.
>>
>> Cheers.
>>
>> Andreas
>>
>> Richard Megginson wrote:
>>> Andreas Kekkou wrote:
>>>> Hi all,
>>>>
>>>> I'm running FDS in multi-master mode with two servers. Both servers
>>>> are configured with TLS support. One of the servers logs the
>>>> following error:
>>>>
>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to
>>>> unwrap key for cipher AES
>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher
>>>> AES in attrcrypt_cipher_init
>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in
>>>> attrcrypt_init
>>>> [25/Oct/2007:08:50:55 +0300] - attrcrypt_unwrap_key: failed to
>>>> unwrap key for cipher AES
>>>> [25/Oct/2007:08:50:55 +0300] - Failed to retrieve key for cipher
>>>> AES in attrcrypt_cipher_init
>>>> [25/Oct/2007:08:50:55 +0300] - Failed to initialize cipher AES in
>>>> attrcrypt_init
>>>> [25/Oct/2007:08:50:57 +0300] - slapd started. Listening on All
>>>> Interfaces port 389 for LDAP requests
>>>> [25/Oct/2007:08:50:57 +0300] - Listening on All Interfaces port 636
>>>> for LDAPS requests
>>>>
>>>> Both servers seems to work just fine. Any ideas how this can be
>>>> resolved?
>>> Has your SSL/TLS configuration changed at all? Have you acquired a
>>> new cert or renewed an existing cert?
>>> cd /opt/fedora-ds/alias
>>> ../shared/bin/certutil -L -P slapd-instance- -d .
>>>>
>>>> Thanks,
>>>>
>>>> Andreas
>>>> --
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kekkou.a.vcf
Type: text/x-vcard
Size: 303 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20071030/2a67e968/attachment.vcf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3525 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20071030/2a67e968/attachment.bin>
More information about the Fedora-directory-users
mailing list