Hi folks:
I've been playing with FDS and somehow I think I broke my setup. My console can no longer get the correct "status" of my directory server. It says that the DS is stopped though I can still query it so I don't think it is. Also, when I try to open a DS window, the console tells me it can't connect.
I think the error is related to this:
[01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 to 192.168.225.240 [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication.
I'm using a Cert signed by Verisign so I'm not sure why this wouldn't work. Can anyone shed some light? Maybe this is just a PKI problem that I don't understand.
Also, I don't think I want SSL client authentication... I think I just want SSL Server authentication. Did I turn something on that I shouldn't?
Thanks for any help.
Aaron
Aaron Cline wrote:
Hi folks:
I've been playing with FDS and somehow I think I broke my setup. My console can no longer get the correct "status" of my directory server. It says that the DS is stopped though I can still query it so I don't think it is. Also, when I try to open a DS window, the console tells me it can't connect.
I think the error is related to this:
[01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 http://192.168.225.240 to 192.168.225.240 http://192.168.225.240 [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication.
I'm using a Cert signed by Verisign so I'm not sure why this wouldn't work. Can anyone shed some light? Maybe this is just a PKI problem that I don't understand.
Looks like it's missing the CA cert from Verisign.
Also, I don't think I want SSL client authentication... I think I just want SSL Server authentication. Did I turn something on that I shouldn't?
Thanks for any help.
Aaron
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
I see several "verisign" certs under the CA area in Certificate Management. Do I have to enable certain trusts on one of them? I thought they were trusted by default.
Thanks,
Aaron C.
On 11/1/06, Richard Megginson rmeggins@redhat.com wrote:
Aaron Cline wrote:
Hi folks:
I've been playing with FDS and somehow I think I broke my setup. My console can no longer get the correct "status" of my directory server. It says that the DS is stopped though I can still query it so I don't think it is. Also, when I try to open a DS window, the console tells me it can't connect.
I think the error is related to this:
[01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from 192.168.225.240 http://192.168.225.240 to 192.168.225.240 http://192.168.225.240 [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No certificate authority is trusted for SSL client authentication.
I'm using a Cert signed by Verisign so I'm not sure why this wouldn't work. Can anyone shed some light? Maybe this is just a PKI problem that I don't understand.
Looks like it's missing the CA cert from Verisign.
Also, I don't think I want SSL client authentication... I think I just want SSL Server authentication. Did I turn something on that I
shouldn't?
Thanks for any help.
Aaron
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
Aaron Cline wrote:
I see several "verisign" certs under the CA area in Certificate Management. Do I have to enable certain trusts on one of them? I thought they were trusted by default.
They should be. It looks like you need to turn off ssl client authentication.
Thanks,
Aaron C.
On 11/1/06, *Richard Megginson* <rmeggins@redhat.com mailto:rmeggins@redhat.com> wrote:
Aaron Cline wrote: > Hi folks: > > I've been playing with FDS and somehow I think I broke my setup. My > console can no longer get the correct "status" of my directory > server. It says that the DS is stopped though I can still query it so > I don't think it is. Also, when I try to open a DS window, the > console tells me it can't connect. > > I think the error is related to this: > > [01/Nov/2006:10:42:40 +0000] conn=84 fd=66 slot=66 SSL connection from > 192.168.225.240 <http://192.168.225.240> <http://192.168.225.240> to 192.168.225.240 <http://192.168.225.240> > < http://192.168.225.240> > [01/Nov/2006:10:42:40 +0000] conn=84 op=-1 fd=66 closed - No > certificate authority is trusted for SSL client authentication. > > I'm using a Cert signed by Verisign so I'm not sure why this wouldn't > work. Can anyone shed some light? Maybe this is just a PKI problem > that I don't understand. Looks like it's missing the CA cert from Verisign. > > Also, I don't think I want SSL client authentication... I think I just > want SSL Server authentication. Did I turn something on that I shouldn't? > > Thanks for any help. > > Aaron > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com <mailto:Fedora-directory-users@redhat.com> > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- Fedora-directory-users mailing list Fedora-directory-users@redhat.com <mailto:Fedora-directory-users@redhat.com> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
389-users@lists.fedoraproject.org
-
Aaron Cline -
Rich Megginson