Aaron Cline
2006-Nov-01 14:49 UTC
[Fedora-directory-users] Console can''t connect or get status of Directory Server
Hi folks: I''ve been playing with FDS and somehow I think I broke my setup. My console can no longer get the correct "status" of my directory server. It says that the DS is stopped though I can still query it so I don''t think it is. Also, when I try to open a DS window, the console tells me it can''t connect. I think the error is related to this: [01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 to 192.168.225.240 [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication. I''m using a Cert signed by Verisign so I''m not sure why this wouldn''t work. Can anyone shed some light? Maybe this is just a PKI problem that I don''t understand. Also, I don''t think I want SSL client authentication... I think I just want SSL Server authentication. Did I turn something on that I shouldn''t? Thanks for any help. Aaron
Richard Megginson
2006-Nov-01 15:41 UTC
Re: [Fedora-directory-users] Console can''t connect or get status of Directory Server
Aaron Cline wrote:> Hi folks: > > I''ve been playing with FDS and somehow I think I broke my setup. My > console can no longer get the correct "status" of my directory > server. It says that the DS is stopped though I can still query it so > I don''t think it is. Also, when I try to open a DS window, the > console tells me it can''t connect. > > I think the error is related to this: > > [01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from > 192.168.225.240 <http://192.168.225.240> to 192.168.225.240 > <http://192.168.225.240> > [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No > certificate authority is trusted for SSL client authentication. > > I''m using a Cert signed by Verisign so I''m not sure why this wouldn''t > work. Can anyone shed some light? Maybe this is just a PKI problem > that I don''t understand.Looks like it''s missing the CA cert from Verisign.> > Also, I don''t think I want SSL client authentication... I think I just > want SSL Server authentication. Did I turn something on that I shouldn''t? > > Thanks for any help. > > Aaron > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Aaron Cline
2006-Nov-01 16:06 UTC
Re: [Fedora-directory-users] Console can''t connect or get status of Directory Server
I see several "verisign" certs under the CA area in Certificate Management. Do I have to enable certain trusts on one of them? I thought they were trusted by default. Thanks, Aaron C. On 11/1/06, Richard Megginson <rmeggins@redhat.com> wrote:> > Aaron Cline wrote: > > Hi folks: > > > > I''ve been playing with FDS and somehow I think I broke my setup. My > > console can no longer get the correct "status" of my directory > > server. It says that the DS is stopped though I can still query it so > > I don''t think it is. Also, when I try to open a DS window, the > > console tells me it can''t connect. > > > > I think the error is related to this: > > > > [01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from > > 192.168.225.240 <http://192.168.225.240> to 192.168.225.240 > > <http://192.168.225.240> > > [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No > > certificate authority is trusted for SSL client authentication. > > > > I''m using a Cert signed by Verisign so I''m not sure why this wouldn''t > > work. Can anyone shed some light? Maybe this is just a PKI problem > > that I don''t understand. > Looks like it''s missing the CA cert from Verisign. > > > > Also, I don''t think I want SSL client authentication... I think I just > > want SSL Server authentication. Did I turn something on that I > shouldn''t? > > > > Thanks for any help. > > > > Aaron > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > >
Richard Megginson
2006-Nov-01 16:13 UTC
Re: [Fedora-directory-users] Console can''t connect or get status of Directory Server
Aaron Cline wrote:> I see several "verisign" certs under the CA area in Certificate > Management. Do I have to enable certain trusts on one of them? I > thought they were trusted by default.They should be. It looks like you need to turn off ssl client authentication.> > Thanks, > > Aaron C. > > On 11/1/06, *Richard Megginson* <rmeggins@redhat.com > <mailto:rmeggins@redhat.com>> wrote: > > Aaron Cline wrote: > > Hi folks: > > > > I''ve been playing with FDS and somehow I think I broke my setup. My > > console can no longer get the correct "status" of my directory > > server. It says that the DS is stopped though I can still query > it so > > I don''t think it is. Also, when I try to open a DS window, the > > console tells me it can''t connect. > > > > I think the error is related to this: > > > > [01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL > connection from > > 192.168.225.240 <http://192.168.225.240> > <http://192.168.225.240> to 192.168.225.240 <http://192.168.225.240> > > < http://192.168.225.240> > > [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No > > certificate authority is trusted for SSL client authentication. > > > > I''m using a Cert signed by Verisign so I''m not sure why this > wouldn''t > > work. Can anyone shed some light? Maybe this is just a PKI problem > > that I don''t understand. > Looks like it''s missing the CA cert from Verisign. > > > > Also, I don''t think I want SSL client authentication... I think > I just > > want SSL Server authentication. Did I turn something on that I > shouldn''t? > > > > Thanks for any help. > > > > Aaron > > > ------------------------------------------------------------------------ > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > <mailto:Fedora-directory-users@redhat.com> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > <mailto:Fedora-directory-users@redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >