I have a new 389 installation running on Centos 8. I'm trying to follow
the
https://directory.fedoraproject.org/docs/389ds/howto/howto-install-389.html
and
https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl.html
instructions. However, once I enable TLS, my instance no longer starts
up and I get the following error:
[26/Apr/2020:17:09:55.928293129 +0000] - ERR -
attrcrypt_fetch_private_key - Can't find certificate server-cert:
-5950 - File not found.
[26/Apr/2020:17:09:55.928654096 +0000] - ERR -
attrcrypt_fetch_private_key - Can't get private key from cert
server-cert: -5950 - File not found.
This is the ldif I'm using to configure TLS:
dn: cn=ECDSA,cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionModule
cn: ECDSA
nsSSLPersonalitySSL:
ldap2.mydomain.com
nsSSLActivation: on
nsSSLToken: Internal (Software)
and
dn: cn=encryption,cn=config
changetype: modify
add: sslVersionMin
sslVersionMin: TLS1.2
I also deleted the cn=RSA object as these are ECDSA certificates. Note
that yes, I did change the name of the cert. So I have no idea why it is
looking for server-cert.
Two questions. Once I turn on TLS,by setting nsslapd-security, the
instance no longer starts. Is there a way to revert the latest
configuration change so that I can get the instance started and fix it?
So far I've been having to recreate the instance completely.
Second, what did I break? How do I get TLS working on my instance?
Thanks
Scott