This is not an issue when using 389-console directly on the server. Thanks.
----- On 7 Jan, 2016, at 20:07, Phil Daws <uxbod(a)splatnix.net> wrote:
Any further thoughts please or should I just start all over again ?
Thanks, Phil
----- On 5 Jan, 2016, at 09:06, Phil Daws <uxbod(a)splatnix.net>
wrote:
> Hello Noriko,
> Same problem unfortunately :(
> Thanks, Phil
> ----- On 4 Jan, 2016, at 20:54, Noriko Hosoi
<nhosoi(a)redhat.com> wrote:
>> Hello Phil,
>> We are working on the issue, but not sure what the root cause
is yet.
>> If you could try the new installer I have just uploaded, it
would be a
>> big help for us. (Please note that the version remains the same 1.1.15.)
>>
http://www.port389.org/docs/389ds/download.html#windows-console
>> Thank you,
>> --noriko
>> On 01/04/2016 09:22 AM, Phil Daws wrote:
>>> ----- On 4 Jan, 2016, at 16:45, Rich Megginson
rmeggins(a)redhat.com wrote:
>>>> On 01/04/2016 09:23 AM, Phil Daws wrote:
>>>>> Hello Rich,
>>>>> Have ran in debug mode and connected to the admin
interface which has been
>>>>> secured with a cert:
>>>>> {SUBJECT_DN=CN=ads01-admin.lab,
SUBJECT={CN=ads01-admin},
>>>>> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017,
>>>>> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA,
BEFOREDATE=Sun Dec 20
>>>>> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB,
O=LAB,
>>>>> CN=LAB-CA}
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 54
>>>>> JButtonFactory: button height = 20
>>>>> JButtonFactory: button width = 72certain
>>>>> HttpsChannel::select(...) - SELECT CERTIFICATE
>>>>> Unable to create ssl socket
>>>>> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed:
(-8186)
>>>>> security library: invalid algorithm.
>>>>> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
>>>>> at com.netscape.management.client.comm.HttpsChannel.open(Unknown
Source)
>>>>> at com.netscape.management.client.comm.CommManager.send(Unknown
Source)
>>>>> at com.netscape.management.client.comm.HttpManager.get(Unknown
Source)
>>>>> at com.netscape.management.client.console.Console.invoke_task(Unknown
Source)
>>>>> at
com.netscape.management.client.console.Console.authenticate_user(Unknown
>>>>> Source)
>>>>> at
com.netscape.management.client.console.Console.<init>(Unknown Source)
>>>>> at com.netscape.management.client.console.Console.main(Unknown
Source)certain
>>>>> So it accepts the admin certificate fine but then
shows an empty selection box
>>>>> for a certificate ?
>>>> Not sure what it means by "invalid algorithm" but it looks as
though
>>>> that is the root cause. The console doesn't know what to do with
that
>>>> error, so it asks you to select another cert, which is just a
>>>> distraction at that point. Please open a ticket.
>>> Hmm, but that "invalid algorithm" message only appeared when I
clicked on
>>> continue with no certificate showing in the selection dropdown list. The
admin
>>> certificate was accepted fine and then it showed the empty selection list.
>>>>
> Thanks, Phil
>>>>> ----- On 4 Jan, 2016, at 15:50, Rich Megginson
rmeggins(a)redhat.com wrote:
>>>>>> On 01/04/2016 01:11 AM, Phil Daws wrote:
>>>>>>> Any thoughts on this please ?
>>>>>>> ----- On 20 Dec, 2015, at 16:02, Phil
Daws uxbod(a)splatnix.net wrote:
>>>>>>>> Hello,
>>>>>>>> Have now got to the point where it
says "Select a certificate to authenticate"
>>>>>>>> yet the drop down box is empty.
>>>>>> Can you run the console with -D 9 -f console.log, then check
console.log
>>>>>> to remove any sensitive information, then post that to this list?
The
>>>>>> easiest way to do this is to make a copy of the .bat file that
runs the
>>>>>> console, then add those arguments to the command line in the copy
of the
>>>>>> .bat file.
>>>>>> I'm assuming you have not configured the
admin server/directory server
>>>>>> to require client cert authentication. If you don't know,
then you
>>>>>> probably haven't.
>>>>>>>> If I check the NSS database it looks
okay ?
>>>>>>>>
D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and
>>>>>>>> Settings\pmdaws\.389-console" -L
>>>>>>>> Certificate Nickname Trust
Attributes
>>>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>>> LAB CA Certificate CT,,
>>>>>>>> Phil Daws p,p,p
>>>>>>>> Seems as though the console is not
picking them up :(
>>>>>>>
> Thanks, Phil
>>>>>>>>> ----- On 15 Dec, 2015, at 20:35, Noriko Hosoi
nhosoi(a)redhat.com wrote:
>>>>>>>>> On 12/15/2015 11:40 AM, Phil Daws
wrote:
>>
>>>>>>>> Hello,
>>>>>>>>>> Unfortunately I do not have a
console under Fedora/RHEL.
>>>>>>>>>> I can log into the
Administration console fine, but when I click on Server
>>>>>>>>>> Group, and then double click on the Directory
Server it prompts me for the
>>>>>>>>>> Distinguished name and password. The status is
showing as:
>>>>>>>>>> Server status: Stopped
>>>>>>>>>> Port: 636
>>>>>>>>>> The ports are listening fine:
>>>>>>>>>> Active Internet connections
(only servers)
>>>>>>>>>> Proto Recv-Q Send-Q Local Address Foreign Address
State
>>>>>>>>>> PID/Program name
>>>>>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>>>>>>>>>> 301/sshd
>>>>>>>>>> tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN
>>>>>>>>>> 1261/httpd
>>>>>>>>>> tcp6 0 0 :::22 :::* LISTEN
>>>>>>>>>> 301/sshd
>>>>>>>>>> tcp6 0 0 :::636 :::* LISTEN
>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>> tcp6 0 0 :::389 :::* LISTEN
>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>> So am guessing it's
probably due to when I enabled "Secure Connection" in the
>>>>>>>>>> console :(
>>>>>>>>>> Any thoughts please ?
>>>>>>>>> Not sure yet, but did you have a chance to see this
section?
>>>>>>>>>
http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsss...
>>>>>>>>>
> Thanks,
Phil
>>>>>>>>>> ----- On 15 Dec, 2015, at
19:01, Noriko Hosoi nhosoi(a)redhat.com wrote:
>>>>>>>>>>> On 12/15/2015 09:51 AM,
Phil Daws wrote:
>>>>
>>>>>>>> Hello,
>>>>>>>>>>>> I have 389 up and
running in my lab, with encryption enabled, but when I connect
>>>>>>>>>>>> too the Administration panel and double
click on the Directory Server it just
>>>>>>>>>>>> hangs. The CA certificate has been
imported using:
>>>>>>>>>>>>
d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and
>>>>>>>>>>>> Settings\phild\.389-console" -n
"CA Certificate" -t CT,, -i
>>>>>>>>>>>> d:\Downloads\CA-chain.pem -a
>>>>>>>>>>>> Am I missing
something obvious please ?
>>>>>>>>>>>
> Thanks,
Phil
>>>>>>>>>>>> --
>>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>>>> Administration URL starts with https?
>>>>>>>>>>> If you use Console on
Fedora/RHEL, you have no problem?
>>>>>>>>>>> Thanks.
>>>>>>>>>>> --
>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>>> --
>>>>>>>>>> 389 users mailing list
>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>> --
>>>>>>>>> 389 users mailing list
>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>> --
>>>>>>>> 389 users mailing list
>>>>>>>> 389-users@%(host_name)s
>>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users@%(host_name)s
>>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users@%(host_name)s
>>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@%(host_name)s
>>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>> --
>>>> 389 users mailing list
>>>> 389-users@%(host_name)s
>>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>> --
>>> 389 users mailing list
>>> 389-users@%(host_name)s
>>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>> --
>> 389 users mailing list
>> 389-users@%(host_name)s
>>
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org