>
> ///////////
> As you suggested, I looked into the /var/log/dirsrv/slapd-E2WAN/errors file, I
> decided to purposely restart the whole server and at the very bottom, I found
> the following:
> [05/Apr/2016:15:43:01 -0400] - Information: Non-Secure Port Disabled
> [05/Apr/2016:15:43:01 -0400] - SSL alert: CERT_VerifyCertificateNow: verify
> certificate failed for cert wsf-LabLDAP.crt of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's
> Certificate has expired.)
> [05/Apr/2016:15:43:01 -0400] - 389-Directory/1.2.11.15 B2014.314.1342 starting
> up
> [05/Apr/2016:15:43:02 -0400] - slapd started. Listening on All Interfaces port
> 636 for LDAPS requests
>
> What draws my attention is the second line of output, SSL alert:
> CERT_VerifyCertificateNow etc... etc... etc... I would like to update the
> certificate, because I did generate a new CA-signed certificate with the same
> name wsf-LabLDAP.crt; and I did copy it into the same folder that the original
> 'expired' certificate was stored in.
Do you have the CA certificate in your /etc/dirsrv/slapd-<instance>/ nssdb? You
should be able to see it with certutil, and the trust flags CT. Try:

certutil -L -d /etc/dirsrv/slapd-<instance>/

Do you have a CA referenced in /etc/openldap/ldap.conf as well? That CA location
will need the CA certificate too.

What distro and version are you running (i.e. RHEL7)?

I think this is an SSL issue at this point, not a password one. The password
parts all looked fine to me.
>
>
> [05/Apr/2016:15:46:52 -0400] conn=8 fd=64 slot=64 SSL connection from
> 192.168.2.243 to 192.168.2.243
> [05/Apr/2016:15:46:52 -0400] conn=8 op=-1 fd=64 closed - SSL peer cannot verify
> your certificate.
>
>
>
> I hope I provided proper and full details for your questions. I don't mind
> sharing clear text passwords, the real system is not reachable from the
> internet, and I am having this problem also in my virtual lab (where the data
> from above is copy/pasted).
I don't think we'll need these.
--
Sincerely,
William Brown
Software Engineer
Red Hat, Brisbane
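
Added example (not part of the original message, and not 389 Directory Server code): a small parser that pulls certificate verification failures out of the errors log and matches them with clients rejected in the access log. It assumes one log entry per line, as in the files on disk rather than the mail-wrapped quotes above; the sample text is constructed from the lines quoted in this thread.

```python
import re
from datetime import datetime

# Constructed sample: the log lines quoted in the thread, unwrapped to one entry per line.
ERRORS_LOG = """\
[05/Apr/2016:15:43:01 -0400] - Information: Non-Secure Port Disabled
[05/Apr/2016:15:43:01 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert wsf-LabLDAP.crt of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[05/Apr/2016:15:43:02 -0400] - slapd started. Listening on All Interfaces port 636 for LDAPS requests
"""
ACCESS_LOG = """\
[05/Apr/2016:15:46:52 -0400] conn=8 fd=64 slot=64 SSL connection from 192.168.2.243 to 192.168.2.243
[05/Apr/2016:15:46:52 -0400] conn=8 op=-1 fd=64 closed - SSL peer cannot verify your certificate.
"""

TS = r"\[(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]"
CERT_FAIL = re.compile(
    TS + r" - SSL alert: CERT_VerifyCertificateNow: verify certificate failed"
    r" for cert (?P<nick>.+?) of family (?P<family>\S+)"
    r" \(Netscape Portable Runtime error (?P<code>-\d+) - (?P<reason>.+?)\)")
CONN_OPEN = re.compile(TS + r" conn=(?P<conn>\d+) .*SSL connection from (?P<src>\S+) to")
CONN_REJECT = re.compile(TS + r" conn=(?P<conn>\d+) .*closed - SSL peer cannot verify your certificate")

def parse_ts(s):
    return datetime.strptime(s, "%d/%b/%Y:%H:%M:%S %z")

def cert_failures(errors_text):
    # One dict per server-certificate verification failure logged at startup.
    out = []
    for line in errors_text.splitlines():
        m = CERT_FAIL.search(line)
        if m:
            out.append({"time": parse_ts(m["ts"]), "nickname": m["nick"], "family": m["family"],
                        "nspr_error": int(m["code"]), "reason": m["reason"]})
    return out

def rejected_clients(access_text):
    # (time, conn id, source address) for each connection the client closed over the server cert.
    sources, rejected = {}, []
    for line in access_text.splitlines():
        if (m := CONN_OPEN.search(line)):
            sources[m["conn"]] = m["src"]
        elif (m := CONN_REJECT.search(line)):
            rejected.append((parse_ts(m["ts"]), m["conn"], sources.get(m["conn"])))
    return rejected

if __name__ == "__main__":
    for f in cert_failures(ERRORS_LOG):
        print(f["nickname"], f["nspr_error"], f["reason"])
    for when, conn, src in rejected_clients(ACCESS_LOG):
        print(when.isoformat(), "conn", conn, "from", src)
```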