Hide Forgot
Description of problem: While setting up DS with TLS, trust flags need to be set as mentioned below: Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CA certificate CTu,u,u server-cert u,u,u Server-Cert u,u,u if the trust is not setup properly we get below mentioned exception in directory server logs : <trust> Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CA certificate CT,, server-cert ,, Server-Cert ,, </trust> [23/Nov/2016:22:10:36.913504612 +051800] slapd_ssl_init - Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)[23/Nov/2016:22:10:36.921381616 +051800] ERROR: SSL Initialization Failed. Disabling SSL. This error is very generic and never tell about the reason behind failure. Version-Release number of selected component (if applicable): 1.3.5.10-11.el7 How reproducible: Steps to Reproduce: 1.set up trust flags as mentioned below. <trust> Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CA certificate CT,, server-cert ,, Server-Cert ,, </trust> Actual results:Failure reason doesn't show actual reason of failure. [23/Nov/2016:22:11:31.901119336 +051800] slapd_ssl_init - Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)[23/Nov/2016:22:11:31.913004139 +051800] ERROR: SSL Initialization Failed. Disabling SSL. Expected results: Errors logs could probably show some logging using which we can figure out the correct reason for failure. Additional info: Complete logs: [23/Nov/2016:22:10:36.933811005 +051800] 389-Directory/1.3.5.10 B2016.257.1817 starting up [23/Nov/2016:22:10:37.149617318 +051800] slapd started. Listening on All Interfaces port 389 for LDAP requests [23/Nov/2016:22:11:31.840633119 +051800] SSL alert: Sending pin request to SVRCore. You may need to run systemd-tty-ask-password-agent to provide the password. [23/Nov/2016:22:11:31.901119336 +051800] slapd_ssl_init - Unable to authenticate (Netscape Portable Runtime error -8192 - An I/O error occurred during security authorization.)[23/Nov/2016:22:11:31.913004139 +051800] ERROR: SSL Initialization Failed. Disabling SSL. [23/Nov/2016:22:11:31.925522389 +051800] 389-Directory/1.3.5.10 B2016.257.1817 starting up [23/Nov/2016:22:11:31.964573849 +051800] Detected Disorderly Shutdown last time Directory Server was running, recovering database. [23/Nov/2016:22:11:32.269108722 +051800] slapd started. Listening on All Interfaces port 389 for LDAP requests [23/Nov/2016:22:18:24.268267756 +051800] slapd shutting down - signaling operation threads - op stack size 0 max work q size 0 max work q stack size 0 Fifth Harmony - Worth It ft. Kid Ink Justin Bieber - Sorry (PURPOSE : The Movement)