[389-users] Replication over SSL

Mitja Mihelič mitja.mihelic at arnes.si
Wed Oct 28 08:06:01 UTC 2009


Thank you for your hint.
I did read the suggested documentation before asking for assistance, but 
did not understand it at that time.
In the end I used simple authentication over TLS/SSL.

Regards,
Mitja

Rich Megginson wrote:
> Mitja Mihelič wrote:
>> Hi!
>>
>> I am trying to get replication to work over SSL, but I seem to be 
>> missing something...
>>
>> To make a long story short: single-master and multi-master 
>> replication without SSL works without a problem.
>>
>> I have created two Directory servers via the Management Console, one 
>> called master (supplier) and one called replica (consumer).
>> I have issued a certificate request via the management console for 
>> the supplier and consumer.
>> Both were signed by a test CA and imported into the corresponding 
>> server's certificate store.
>> Now, what exactly must I do to correctly map the certificates and 
>> make them talk to each other?
>> I have read the documentation, but I just don't understand how to 
>> make it work.
>>
>> The following dn is used for replication:
>> dn: cn=replication manager,cn=config
>> objectClass: inetorgperson
>> objectClass: person
>> objectClass: top
>> objectClass: organizationalPerson
>> cn: replication manager
>> sn: RM
>> userPassword: replicate
>> passwordExpirationTime: 20380119031407Z
>>
>> Greetings,
>> Mitja
>>
>> Read the following lines if you wish to know how I have it set up 
>> and what I have done to set up non-SSL replication:
>> The Directory server instances are using their own ports (supplier: 
>> 30389/30636 and consumer: 40389/40636 respectively).
>> I have inserted a replication user into the dse.ldif files in both 
>> the supplier and the consumer as specified in the documentation.
>> The supplier has been populated with test entries, enabled the 
>> changelog and replication of the relevant database.
>> The consumer has been set up accordingly.
>> I have created an appropriate replication agreement and initialized 
>> the consumer.
>> All entries replicated as expected and the replica was updating 
>> successfully.
> If you want to use simple authentication using your replication 
> manager user, but you want the connection to be secure with TLS/SSL, 
> start here - 
> http://www.redhat.com/docs/manuals/dir-server/8.1/admin/Managing_Replication-Replication_over_SSL.html 
>
>
>>
>>
>> -- 
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
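
The outcome of this thread (a simple bind as the replication manager, carried over TLS/SSL) can be checked on the supplier by inspecting its replication agreement entries. The following is an added example, not part of the original messages or of 389 Directory Server itself: it flags agreements that would send the replication manager's password over plain LDAP. The suffix `dc=example,dc=com`, the host name and the agreement names are constructed placeholders; the ports and bind DN are the ones quoted in the thread.

```python
# Added example: find replication agreements that do a SIMPLE bind without
# TLS/SSL. The two agreement entries below are constructed sample data.
ENCRYPTED = {"ssl", "tls", "ldaps", "starttls"}  # nsDS5ReplicaTransportInfo values

SAMPLE_LDIF = """\
dn: cn=plain-agmt,cn=replica,cn="dc=example,dc=com",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: consumer.example.com
nsDS5ReplicaPort: 40389
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: LDAP

dn: cn=ssl-agmt,cn=replica,cn="dc=example,dc=com",cn=mapping tree,
 cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaHost: consumer.example.com
nsDS5ReplicaPort: 40636
nsDS5ReplicaBindDN: cn=replication manager,cn=config
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaTransportInfo: SSL
"""

def parse_entries(ldif):
    """Return each LDIF entry as {lowercased attribute: [values]}."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:   # folded continuation line
                lines[-1] += raw[1:]
            elif raw:
                lines.append(raw)
        entry = {}
        for line in lines:
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def plaintext_simple_binds(ldif):
    """List (dn, port) of agreements whose simple bind is not encrypted."""
    findings = []
    for e in parse_entries(ldif):
        if "nsds5replicationagreement" not in {c.lower() for c in e.get("objectclass", [])}:
            continue
        # Assumption: an absent attribute means SIMPLE bind / plain LDAP.
        method = e.get("nsds5replicabindmethod", ["SIMPLE"])[0].lower()
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].lower()
        if method == "simple" and transport not in ENCRYPTED:
            findings.append((e["dn"][0], e.get("nsds5replicaport", ["?"])[0]))
    return findings
```
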