We have/had a working 389 directory server running on Centos 8. It was
working fine, and for the most part, it still is. We can sucessfully
manage it through the cockpit service. We can successfully manage the
directory with ApacheDirectoryStudio. ldapsearch/ldapmodify works fine.
But it appears that sometime in the last month or two, when we use the
command dsidm, we have started getting a cert error. Again, it is only
with dsidm.
The error we get is:
Error: Can't contact LDAP server - error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)
I can't figure out where it is seeing this self-signed cert. When I run
dsidm commands with "-v", I see the following:
DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
But we have our certs in that directory. And there are no self-signed
certs in our cert or its intermediate and root certs. The cert is a
GoDaddy cert.
How can I find out what cert dsidm is reading, so as to resolve this
issue?
Thanks,
Bryan
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
No comments:
Post a Comment