Hello Noriko,
Same problem unfortunately :(
Thanks, Phil
----- On 4 Jan, 2016, at 20:54, Noriko Hosoi <nhosoi(a)redhat.com> wrote:
Hello Phil,
We are working on the issue, but not sure what the root cause is yet.
If you could try the new installer I have just uploaded, it would be a
big help for us. (Please note that the version remains the same 1.1.15.)
http://www.port389.org/docs/389ds/download.html#windows-console
Thank you,
--noriko
On 01/04/2016 09:22 AM, Phil Daws wrote:
> ----- On 4 Jan, 2016, at 16:45, Rich Megginson rmeggins(a)redhat.com wrote:
>> On 01/04/2016 09:23 AM, Phil Daws wrote:
>>> Hello Rich,
>>> Have run in debug mode and connected to the admin interface which has been
>>> secured with a cert:
>>> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin},
>>> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017,
>>> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20
>>> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB,
>>> CN=LAB-CA}
>>> JButtonFactory: button width = 54
>>> JButtonFactory: button height = 20
>>> JButtonFactory: button width = 54
>>> JButtonFactory: button height = 20
>>> JButtonFactory: button width = 72
>>> JButtonFactory: button height = 20
>>> JButtonFactory: button width = 72
>>> JButtonFactory: button height = 20
>>> JButtonFactory: button width = 54
>>> JButtonFactory: button height = 20
>>> JButtonFactory: button width = 72
>>> HttpsChannel::select(...) - SELECT CERTIFICATE
>>> Unable to create ssl socket
>>> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186)
>>> security library: invalid algorithm.
>>> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
>>> at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
>>> at com.netscape.management.client.comm.CommManager.send(Unknown Source)
>>> at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
>>> at com.netscape.management.client.console.Console.invoke_task(Unknown Source)
>>> at com.netscape.management.client.console.Console.authenticate_user(Unknown Source)
>>> at com.netscape.management.client.console.Console.<init>(Unknown Source)
>>> at com.netscape.management.client.console.Console.main(Unknown Source)
>>> So it accepts the admin certificate fine but then shows an empty selection box
>>> for a certificate ?
>> Not sure what it means by "invalid algorithm" but it looks as though
>> that is the root cause. The console doesn't know what to do with that
>> error, so it asks you to select another cert, which is just a
>> distraction at that point. Please open a ticket.
> Hmm, but that "invalid algorithm" message only appeared when I clicked on
> continue with no certificate showing in the selection dropdown list. The admin
> certificate was accepted fine and then it showed the empty selection list.
>>> Thanks, Phil
>>> ----- On 4 Jan, 2016, at 15:50, Rich Megginson rmeggins(a)redhat.com wrote:
>>>> On 01/04/2016 01:11 AM, Phil Daws wrote:
>>>>> Any thoughts on this please ?
>>>>> ----- On 20 Dec, 2015, at 16:02, Phil Daws uxbod(a)splatnix.net wrote:
>>>>>> Hello,
>>>>>> Have now got to the point where it says "Select a certificate to authenticate"
>>>>>> yet the drop down box is empty.
>>>> Can you run the console with -D 9 -f console.log, then check console.log
>>>> to remove any sensitive information, then post that to this list? The
>>>> easiest way to do this is to make a copy of the .bat file that runs the
>>>> console, then add those arguments to the command line in the copy of the
>>>> .bat file.
>>>> I'm assuming you have not configured the admin server/directory server
>>>> to require client cert authentication. If you don't know, then you
>>>> probably haven't.
>>>>>> If I check the NSS database it looks okay ?
>>>>>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and
>>>>>> Settings\pmdaws\.389-console" -L
>>>>>> Certificate Nickname          Trust Attributes
>>>>>>                               SSL,S/MIME,JAR/XPI
>>>>>> LAB CA Certificate            CT,,
>>>>>> Phil Daws                     p,p,p
>>>>>> Seems as though the console is not picking them up :(
>>>
>>> Thanks, Phil
>>>>>>> ----- On 15 Dec, 2015, at 20:35, Noriko Hosoi nhosoi(a)redhat.com wrote:
>>>>>>> On 12/15/2015 11:40 AM, Phil Daws wrote:
>>
>>>>>> Hello,
>>>>>>>> Unfortunately I do not have a console under Fedora/RHEL.
>>>>>>>> I can log into the Administration console fine, but when I click on Server
>>>>>>>> Group, and then double click on the Directory Server it prompts me for the
>>>>>>>> Distinguished name and password. The status is showing as:
>>>>>>>> Server status: Stopped
>>>>>>>> Port: 636
>>>>>>>> The ports are listening fine:
>>>>>>>> Active Internet connections (only servers)
>>>>>>>> Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
>>>>>>>> tcp        0      0 0.0.0.0:22      0.0.0.0:*        LISTEN  301/sshd
>>>>>>>> tcp        0      0 0.0.0.0:9830    0.0.0.0:*        LISTEN  1261/httpd
>>>>>>>> tcp6       0      0 :::22           :::*             LISTEN  301/sshd
>>>>>>>> tcp6       0      0 :::636          :::*             LISTEN  1196/ns-slapd
>>>>>>>> tcp6       0      0 :::389          :::*             LISTEN  1196/ns-slapd
>>>>>>>> So am guessing it's probably due to when I enabled "Secure Connection" in the
>>>>>>>> console :(
>>>>>>>> Any thoughts please ?
>>>>>>> Not sure yet, but did you have a chance to see this section?
>>>>>>> http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsss...
>>>>>
>>> Thanks, Phil
>>>>>>>> ----- On 15 Dec, 2015, at 19:01, Noriko Hosoi nhosoi(a)redhat.com wrote:
>>>>>>>>> On 12/15/2015 09:51 AM, Phil Daws wrote:
>>>>
>>>>>> Hello,
>>>>>>>>>> I have 389 up and running in my lab, with encryption enabled, but when I connect
>>>>>>>>>> to the Administration panel and double click on the Directory Server it just
>>>>>>>>>> hangs. The CA certificate has been imported using:
>>>>>>>>>> d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and
>>>>>>>>>> Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i
>>>>>>>>>> d:\Downloads\CA-chain.pem -a
>>>>>>>>>> Am I missing something obvious please ?
>>>>>>>
>>> Thanks, Phil
>>>>>>>>>> --
>>>>>>>>>> 389 users mailing list
>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>> Administration URL starts with https?
>>>>>>>>> If you use Console on Fedora/RHEL, you have no problem?