[389-users] Recover after installing a bad cert.
Ryan Braun [ADS]
ryan.braun at ec.gc.ca
Wed Jul 8 18:50:10 UTC 2009
On July 8, 2009 06:19:55 pm Dumbo Q wrote:
> I just installed a new ssl certificate using pk12util. I restarted my
> dirsrv, and picked the new cert in the dropdown menu under the encryption
> tab. I restarted dirsrv to make it take affect. When I did this, I found
> that the root certificate was not in redhats/openssls ca-bundle. I tried
> importing the intermediate certificate, and I think I just made the problem
> worse.
>
> right now im getting the following.
> SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert
> rhds.example.com - Comodo CA Limited of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8179 -
> Peer's Certificate issuer is not recognized.) [08/Jul/2009:14:18:04 -0400]
> - SSL failure: None of the cipher are valid
>
>
> Now my directory is down completely. How can I get it to start up without
> SSL so that I can fix the problem?
Make sure you backup /etc/dirsrv/INSTANCE/dse.ldif
then edit that file and look for
nsslapd-security: on
change to
nsslapd-security: off
save file, restart service and ssl should be turned off. Keep in mind
whatever caused the ssl config to puke in the first place is still there :)
Ryan
More information about the Fedora-directory-users
mailing list