Dear all,

I got problems while restarting my fedora-ds. In particular, when I try to start the server via start-slapd I receive the following message:

[23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\

Then, if I try to manage certificates via console, I am not able to log in the console, I get the message:

Cannot connect to the Admin Server .....
The URL is not correct or the server is not running.

Therefore, I cannot start the server because my certificate is no more valid and I cannot manage certificate because my console doesn't open (it seems to me). Can anyone help me?

Thanks,
marco

Richard Megginson
2006-Aug-23 13:50 UTC
Re: [Fedora-directory-users] problem starting slapd
Marco Bellacosa wrote:
> Dear all,
>
> I got problems while restarting my fedora-ds. In particular,
> when I try to start the server via start-slapd I receive the following
> message:
>
> [23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow:
> verify certificate failed for cert server-cert of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181
> - Peer's Certificate has expired.)
> [23/Aug/2006:09:24:27 +0200] - SSL failure: None of the cipher are valid\
>
> Then, if I try to manage certificates via console, I am not able to
> log in the console, I get the message:
>
> Cannot connect to the Admin Server .....
> The URL is not correct or the server is not running.
>
> Therefore, I cannot start the server because my certificate is no more
> valid and I cannot manage certificate because my console doesn't open
> (it seems to me). Can anyone help me?

Looks like you will have to generate a new server (or CA?) cert. Do you have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for some examples of how to use the command line certutil tool.

> Thanks,
> marco

Thanks Richard,

Richard Megginson wrote:
> Looks like you will have to generate a new server (or CA?) cert. Do you
> have a CA? See http://directory.fedora.redhat.com/wiki/Howto:SSL for
> some examples of how to use the command line certutil tool.

I followed the examples, but now

# start-slapd
Enter PIN for Internal (Software) Token: I insert the password and

[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid

Please, note that I have my new admin-serv-hostname-cert8.db, slapd-hostname-cert8.db and so on and a valid CA certificate.

Thanks in advance,
marco

Richard Megginson
2006-Aug-24 14:06 UTC
Re: [Fedora-directory-users] problem starting slapd
Marco Bellacosa wrote:
> I followed the examples, but now
>
> # start-slapd
> Enter PIN for Internal (Software) Token: I insert the password and
>
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't
> find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config
> (Netscape Portable Runtime error -8174 - security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization:
> Unable to retrieve private key for cert server-cert of family
> cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 -
> security library: bad database.)
> [24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid
>
> Please, note that I have my new admin-serv-hostname-cert8.db,
> slapd-hostname-cert8.db and so on and a valid CA certificate.

cd /opt/fedora-ds/alias
../shared/bin/certutil -P slapd-hostname- -d . -L
../shared/bin/certutil -P slapd-hostname- -d . -L -n server-cert
../shared/bin/certutil -P slapd-hostname- -d . -L -n Server-Cert

> Thanks in advance,
> marco
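
Added example, not part of the thread and not Fedora DS code: a small triage script that pulls the certificate nickname and NSS error code out of the SSL start-up messages quoted above and pairs each with the certutil listing from the last reply. The function name triage_ssl_errors and the sample log are constructed for illustration, the -P prefix slapd-hostname- is the placeholder used in the thread, and the symbolic names are NSS's names for codes -8181 and -8174.

```sh
#!/bin/sh
# Added example (not Fedora DS code): triage slapd SSL start-up errors by NSS code.
# Constructed sample, assembled from the log messages quoted in the thread.
SAMPLE_LOG="[23/Aug/2006:09:24:27 +0200] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)
[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization Can't find certificate (server-cert) for family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL alert: Security Initialization: Unable to retrieve private key for cert server-cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8174 - security library: bad database.)
[24/Aug/2006:09:19:22 +0200] - SSL failure: None of the cipher are valid"

# Reads error-log lines on stdin and prints one "nickname|code|name|check"
# record per distinct (nickname, code) pair.
# $1 is the certutil -P prefix; the default is the placeholder from the thread.
triage_ssl_errors() {
    awk -v prefix="${1:-slapd-hostname-}" '
    /Netscape Portable Runtime error -[0-9]+/ {
        # Isolate the numeric code that follows the fixed NSPR phrase.
        code = $0
        sub(/.*Netscape Portable Runtime error /, "", code)
        sub(/ .*/, "", code)
        # The nickname appears as "cert NAME of family" or "certificate (NAME)".
        nick = "unknown"
        if (match($0, /cert [^ ]+ of family/))
            nick = substr($0, RSTART + 5, RLENGTH - 15)
        else if (match($0, /certificate \([^)]+\)/))
            nick = substr($0, RSTART + 13, RLENGTH - 14)
        if (seen[nick, code]++) next
        list = "certutil -P " prefix " -d . -L"
        if (code == "-8181") {
            name = "SEC_ERROR_EXPIRED_CERTIFICATE"
            check = list " -n " nick " (read the Validity dates)"
        } else if (code == "-8174") {
            name = "SEC_ERROR_BAD_DATABASE"
            check = list " (is " nick " listed, same case, in this prefix?)"
        } else {
            name = "unmapped"
            check = list
        }
        print nick "|" code "|" name "|" check
    }'
}

printf '%s\n' "$SAMPLE_LOG" | triage_ssl_errors
```

Run the suggested certutil commands from the directory that holds the cert8.db and key3.db files, as the reply does with cd /opt/fedora-ds/alias.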