Bug 215220
| Field | Value |
|---|---|
| Summary | Manage SSL fails: Could not open file slapd-<servername>-cert8.db |
| Product | [Retired] 389 |
| Component | Security - SSL |
| Version | 1.0.2 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED NEXTRELEASE |
| Severity | high |
| Priority | medium |
| Reporter | Graham Leggett <minfrin> |
| Assignee | Rich Megginson <rmeggins> |
| QA Contact | Chandrasekar Kannan <ckannan> |
| CC | benl |
| Doc Type | Bug Fix |
| Last Closed | 2007-10-05 14:57:49 UTC |
Description
Graham Leggett
2006-11-12 15:45:48 UTC
I just tried to reproduce this with a clean FDS 1.0.4 install on a RHEL4 system. I ran setup, then started the console, opened the directory server console, clicked on Manage Certificates. I got the dialog asking me for the new ssl pin for the new key/cert db. I entered the pin, and it gave me the Manage Certificates dialog. I could even browse the list of CA certs. The alias directory contains the slapd-localhost-cert8.db and slapd-localhost-key3.db files with the correct ownership and permissions. So at this point, I think we need some more information, because we are missing something here.

> As a result, it is currently not possible to enable SSL on FDS v1.0.4.

You can also use the command line tools: http://directory.fedora.redhat.com/wiki/Howto:SSL

Sorry, I wasn't specific enough. The certificate database was created externally using certutil and pk12util; the certificate database was already present when "manage certificates" was clicked the first time. If the database already exists, the directory server refuses to open this database. No specific reasons are given for this in the error message.

If you created the files externally, did you make sure the files were owned by ldap:ldap, were writable e.g. mode 0600, and the alias directory was also owned and writable by ldap:ldap?

The key/cert db layout is much improved in Fedora DS 1.1
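The ownership and mode questions asked in the thread can be checked in one pass. The following is an added example, not part of the bug report or the project's tooling: `check_nss_db` is a hypothetical helper, the alias directory path and instance name are supplied by the caller, and it assumes GNU `stat` as found on the Linux systems discussed here.

```shell
#!/bin/sh
# Added example (not from the bug report): check an externally created NSS
# key/cert db pair against the ownership and mode questions asked above.
# Usage: check_nss_db /path/to/alias localhost

# check_nss_db ALIAS_DIR INSTANCE [OWNER:GROUP]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_nss_db() {
    dir=$1 inst=$2 want=${3:-ldap:ldap} rc=0

    [ -d "$dir" ] || { echo "MISSING directory $dir"; return 1; }

    # Alias directory: owned by the server account, and the owner has rwx.
    set -- $(stat -c '%U:%G %a' "$dir")
    [ "$1" = "$want" ] || { echo "OWNER $dir is $1, expected $want"; rc=1; }
    [ $(( 0$2 & 0700 )) -eq $(( 0700 )) ] ||
        { echo "MODE $dir is $2, owner lacks rwx"; rc=1; }

    for f in "$dir/slapd-$inst-cert8.db" "$dir/slapd-$inst-key3.db"; do
        if [ ! -f "$f" ]; then echo "MISSING $f"; rc=1; continue; fi
        set -- $(stat -c '%U:%G %a' "$f")
        [ "$1" = "$want" ] || { echo "OWNER $f is $1, expected $want"; rc=1; }
        # The owner must be able to read and write the db files.
        [ $(( 0$2 & 0600 )) -eq $(( 0600 )) ] ||
            { echo "MODE $f is $2, owner lacks rw"; rc=1; }
        # Assumption: any group/other bit is reported, because key3.db
        # holds the private keys.
        [ $(( 0$2 & 0077 )) -eq 0 ] ||
            { echo "MODE $f is $2, group/other access set"; rc=1; }
    done
    return $rc
}
```

Each finding is printed on its own line, so the output names the exact file and attribute that the console's "Could not open file" message leaves out.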