On 09/23/2011 01:24 PM, Orion Poplawski wrote:
> I'm trying to set up MMR with another office site. We're trying to connect
> over SSL, but my server gives the error:
>
> [23/Sep/2011:12:00:56 -0600] slapi_ldap_bind - Error: could not send bind
> request for id [cn=Replication Manager,cn=config] mech [SIMPLE]: error 81
> (Can't contact LDAP server) -8179 (Peer's Certificate issuer is not
> recognized.) 11 (Resource temporarily unavailable)
>
> I've added what I believe are the proper CA certs (it is a chain of 3) for the
> remote server to my directory server via the 389-console and manage
> certificates.

Did it have 3 in a single file, or 3 different files?

> However, I noticed that when I use certutil on the server to
> list the certificates, I don't see them:
>
> # certutil -d /etc/dirsrv/slapd-cora/ -L
>
> Certificate Nickname                     Trust Attributes
>                                          SSL,S/MIME,JAR/XPI
>
> CA certificate                           CT,,
> server-cert                              u,u,u
>
> I would have thought they would be stored in the same place.

They should be.

> If not, where are the ones listed in the console stored?

Good question.

> Does it matter that they aren't showing up with certutil?

Yes.

Are these chained to a well-known root CA? If so, you can add those to
the directory server CA certs list:
http://directory.fedoraproject.org/wiki/Howto:SSL#Viewing_the_list_of_bui...

> Anything else I can do to debug the SSL connection?

It may just be that if there is more than one CA cert in the file only
the first or last is added.
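
An added example, not part of the original message: one way to check the "only the first or last is added" hypothesis is to split the remote server's CA chain file into one file per certificate, import each into the NSS database separately, and then list the database. The function names, the nickname prefix and the temporary file layout are assumptions; `/etc/dirsrv/slapd-cora/` and the `CT,,` trust flags are taken from the certutil listing quoted above.

```shell
#!/bin/sh
# Added example: import a multi-certificate PEM chain one certificate at a time.
# Usage (as root, paths are examples):
#   . ./import_chain.sh
#   import_ca_chain /tmp/remote-chain.pem /etc/dirsrv/slapd-cora/

# split_pem_bundle BUNDLE OUTDIR
# Writes each certificate found in BUNDLE to OUTDIR/ca-N.pem and prints the
# number of certificates found. Text outside BEGIN/END markers is skipped.
split_pem_bundle() {
    bundle=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ {
            n++
            out = sprintf("%s/ca-%d.pem", dir, n)
            inside = 1
        }
        inside { print > out }
        /-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$bundle"
}

# import_ca_chain BUNDLE DBDIR [NICKNAME_PREFIX]
# Adds every certificate in BUNDLE to the NSS database in DBDIR as a trusted
# CA (trust flags CT,, as on the existing "CA certificate" entry), then lists
# the database so each chain member can be confirmed by nickname.
import_ca_chain() {
    bundle=$1
    dbdir=$2
    prefix=${3:-Remote CA}      # hypothetical nickname prefix
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$bundle" "$tmp") || { rm -rf "$tmp"; return 1; }
    i=1
    while [ "$i" -le "$count" ]; do
        certutil -A -d "$dbdir" -n "$prefix $i" -t "CT,," -a -i "$tmp/ca-$i.pem" \
            || { rm -rf "$tmp"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    certutil -L -d "$dbdir"
}
```

If the chain has three members, the final listing should show three new nicknames with `CT,,` next to the existing entries; fewer than that means a certificate in the file was not picked up.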