This is not an issue when using 389-console directly on the server. Thanks.
----- On 7 Jan, 2016, at 20:07, Phil Daws <ux...@splatnix.net> wrote:
> Any further thoughts please or should I just start all over again ? Thanks,
> Phil
> ----- On 5 Jan, 2016, at 09:06, Phil Daws <ux...@splatnix.net> wrote:
>> Hello Noriko,
>> Same problem unfortunately :(
>> Thanks, Phil
>> ----- On 4 Jan, 2016, at 20:54, Noriko Hosoi <nho...@redhat.com> wrote:
>>> Hello Phil,
>>> We are working on the issue, but not sure what the root cause is yet.
>>> If you could try the new installer I have just uploaded, it would be a
>>> big help for us. (Please note that the version remains the same 1.1.15.)
>>> http://www.port389.org/docs/389ds/download.html#windows-console
>>> Thank you,
>>> --noriko
>>> On 01/04/2016 09:22 AM, Phil Daws wrote:
>>>> ----- On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote:
>>>>> On 01/04/2016 09:23 AM, Phil Daws wrote:
>>>>>> Hello Rich,
>>>>>> Have ran in debug mode and connected to the admin interface which has
>>>>>> been
>>>>>> secured with a cert:
>>>>>> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin},
>>>>>> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017,
>>>>>> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun
>>>>>> Dec 20
>>>>>> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB,
>>>>>> CN=LAB-CA}
>>>>>> JButtonFactory: button width = 54
>>>>>> JButtonFactory: button height = 20
>>>>>> JButtonFactory: button width = 54
>>>>>> JButtonFactory: button height = 20
>>>>>> JButtonFactory: button width = 72
>>>>>> JButtonFactory: button height = 20
>>>>>> JButtonFactory: button width = 72
>>>>>> JButtonFactory: button height = 20
>>>>>> JButtonFactory: button width = 54
>>>>>> JButtonFactory: button height = 20
>>>>>> JButtonFactory: button width = 72certain
>>>>>> HttpsChannel::select(...) - SELECT CERTIFICATE
>>>>>> Unable to create ssl socket
>>>>>> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed:
>>>>>> (-8186)
>>>>>> security library: invalid algorithm.
>>>>>> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
>>>>>> at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source)
>>>>>> at com.netscape.management.client.comm.CommManager.send(Unknown Source)
>>>>>> at com.netscape.management.client.comm.HttpManager.get(Unknown Source)
>>>>>> at com.netscape.management.client.console.Console.invoke_task(Unknown
>>>>>> Source)
>>>>>> at
>>>>>> com.netscape.management.client.console.Console.authenticate_user(Unknown
>>>>>> Source)
>>>>>> at com.netscape.management.client.console.Console.<init>(Unknown Source)
>>>>>> at com.netscape.management.client.console.Console.main(Unknown
>>>>>> Source)certain
>>>>>> So it accepts the admin certificate fine but then shows an empty
>>>>>> selection box
>>>>>> for a certificate ?
>>>>> Not sure what it means by "invalid algorithm" but it looks as though
>>>>> that is the root cause. The console doesn't know what to do with that
>>>>> error, so it asks you to select another cert, which is just a
>>>>> distraction at that point. Please open a ticket.
>>>> Hmm, but that "invalid algorithm" message only appeared when I clicked on
>>>> continue with no certificate showing in the selection dropdown list. The
>>>> admin
>>>> certificate was accepted fine and then it showed the empty selection list.
>>>>>> Thanks, Phil
>>>>>> ----- On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote:
>>>>>>> On 01/04/2016 01:11 AM, Phil Daws wrote:
>>>>>>>> Any thoughts on this please ?
>>>>>>>> ----- On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote:
>>>>>>>>> Hello,
>>>>>>>>> Have now got to the point where it says "Select a certificate to
>>>>>>>>> authenticate"
>>>>>>>>> yet the drop down box is empty.
>>>>>>> Can you run the console with -D 9 -f console.log, then check console.log
>>>>>>> to remove any sensitive information, then post that to this list? The
>>>>>>> easiest way to do this is to make a copy of the .bat file that runs the
>>>>>>> console, then add those arguments to the command line in the copy of the
>>>>>>> .bat file.
>>>>>>> I'm assuming you have not configured the admin server/directory server
>>>>>>> to require client cert authentication. If you don't know, then you
>>>>>>> probably haven't.
>>>>>>>>> If I check the NSS database it looks okay ?
>>>>>>>>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and
>>>>>>>>> Settings\pmdaws\.389-console" -L
>>>>>>>>> Certificate Nickname Trust Attributes
>>>>>>>>> SSL,S/MIME,JAR/XPI
>>>>>>>>> LAB CA Certificate CT,,
>>>>>>>>> Phil Daws p,p,p
>>>>>>>>> Seems as though the console is not picking them up :(
>>>>>>>>> Thanks, Phil
>>>>>>>>> ----- On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote:
>>>>>>>>>> On 12/15/2015 11:40 AM, Phil Daws wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>> Unfortunately I do not have a console under Fedora/RHEL.
>>>>>>>>>>> I can log into the Administration console fine, but when I click on
>>>>>>>>>>> Server
>>>>>>>>>>> Group, and then double click on the Directory Server it prompts me
>>>>>>>>>>> for the
>>>>>>>>>>> Distinguished name and password. The status is showing as:
>>>>>>>>>>> Server status: Stopped
>>>>>>>>>>> Port: 636
>>>>>>>>>>> The ports are listening fine:
>>>>>>>>>>> Active Internet connections (only servers)
>>>>>>>>>>> Proto Recv-Q Send-Q Local Address Foreign Address State
>>>>>>>>>>> PID/Program name
>>>>>>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
>>>>>>>>>>> 301/sshd
>>>>>>>>>>> tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN
>>>>>>>>>>> 1261/httpd
>>>>>>>>>>> tcp6 0 0 :::22 :::* LISTEN
>>>>>>>>>>> 301/sshd
>>>>>>>>>>> tcp6 0 0 :::636 :::* LISTEN
>>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>>> tcp6 0 0 :::389 :::* LISTEN
>>>>>>>>>>> 1196/ns-slapd
>>>>>>>>>>> So am guessing it's probably due to when I enabled "Secure
>>>>>>>>>>> Connection" in the
>>>>>>>>>>> console :(
>>>>>>>>>>> Any thoughts please ?
>>>>>>>>>> Not sure yet, but did you have a chance to see this section?
>>>>>>>>>> http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information
>>>>>>>>>>> Thanks, Phil
>>>>>>>>>>> ----- On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com
>>>>>>>>>>> wrote:
>>>>>>>>>>>> On 12/15/2015 09:51 AM, Phil Daws wrote:
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>> I have 389 up and running in my lab, with encryption enabled, but
>>>>>>>>>>>>> when I connect
>>>>>>>>>>>>> too the Administration panel and double click on the Directory
>>>>>>>>>>>>> Server it just
>>>>>>>>>>>>> hangs. The CA certificate has been imported using:
>>>>>>>>>>>>> d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and
>>>>>>>>>>>>> Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i
>>>>>>>>>>>>> d:\Downloads\CA-chain.pem -a
>>>>>>>>>>>>> Am I missing something obvious please ?
>>>>>>>>>>>>> Thanks, Phil
>>>>>>>>>>>>> --
>>>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>>>>> Administration URL starts with https?
>>>>>>>>>>>> If you use Console on Fedora/RHEL, you have no problem?
>>>>>>>>>>>> Thanks.
>>>>>>>>>>>> --
>>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>>>> --
>>>>>>>>>>> 389 users mailing list
>>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>>> --
>>>>>>>>>> 389 users mailing list
>>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>>> --
>>>>>>>>> 389 users mailing list
>>>>>>>>> 389-users@%(host_name)s
>>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>>> --
>>>>>>>> 389 users mailing list
>>>>>>>> 389-users@%(host_name)s
>>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>>> --
>>>>>>> 389 users mailing list
>>>>>>> 389-users@%(host_name)s
>>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>>> --
>>>>>> 389 users mailing list
>>>>>> 389-users@%(host_name)s
>>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users@%(host_name)s
>>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>>> --
>>>> 389 users mailing list
>>>> 389-users@%(host_name)s
>>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>>> --
>>> 389 users mailing list
>>> 389-users@%(host_name)s
>>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
>> --
>> 389 users mailing list
>> 389-users@%(host_name)s
>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
> --
> 389 users mailing list
> 389-users@%(host_name)s
> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org--
389 users mailing list
389-users@%(host_name)s
http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
