I believe that should all be ok.  It's using the same key/cert as the DS 
although I've also tried different keys/certs.  There is an intermediate cert 
in the chain, but in Manage Certs in both DS and admin server the trust chain 
seems to appear ok.

I can contact the admin server over https; it's just when I change the config 
DS to secure, and it updates the ldapurl in adm.conf, that it subsequently fails.

Some more info in case it helps shed some light...  If I attempt to update the 
User DS in the console then the update fails to apply.  But if I use ldapmodify 
to manually update the directoryURL, then that seems to work ok over SSL.  The 
issue seems to be limited to the config DS only as far as I can tell.

Admin server key/certs below.

[root@ldap admin-serv]# certutil -d . -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and 
Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa      629b29a5d48bb157af44d40edf6b7b27d9fe6c2a   ldap.example.com
[root@ldap admin-serv]#

[root@ldap admin-serv]# certutil -d . -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

root-ca                                                      CT,,
ca-cert                                                      CT,,
ldap.example.com                                                CTu,u,u

Is there anything in particular about the config DS that would require some 
specific certificate extensions or anything like that?  It seems peculiar that 
only that portion seems to be failing, unless I'm mistaken in what I'm seeing.

Thanks again for your help.
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
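As an added check (example code written for this thread, not part of the original reply or of 389 DS itself), a small Python script that parses the `certutil -L` and `certutil -K` listings quoted above and reports the usual inconsistencies: a server certificate whose SSL trust lacks the `u` flag or that has no matching private key, and a chain certificate not marked `C` (trusted CA for SSL). The sample listings and the server nickname `ldap.example.com` are constructed from the post; run it against your own `certutil` output to check a different database.

```python
import re

# Constructed sample output, mirroring the listing quoted in the post above.
CERT_LIST = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

root-ca                                                      CT,,
ca-cert                                                      CT,,
ldap.example.com                                             CTu,u,u
"""
KEY_LIST = """\
< 0> rsa      629b29a5d48bb157af44d40edf6b7b27d9fe6c2a   ldap.example.com
"""

# `certutil -L`: nickname, two or more spaces, three comma-separated flag groups.
TRUST_RE = re.compile(r"^(\S.*?)\s{2,}([pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*)\s*$")
# `certutil -K`: "< n> <type> <key id> <nickname>" lines.
KEY_RE = re.compile(r"^<\s*\d+>\s+\S+\s+([0-9a-f]+)\s+(.*?)\s*$")

def parse_cert_list(text):
    """Map nickname -> (SSL, S/MIME, JAR/XPI) trust flags from `certutil -L`."""
    certs = {}
    for line in text.splitlines():
        m = TRUST_RE.match(line)
        if m:
            certs[m.group(1)] = tuple(m.group(2).split(","))
    return certs

def parse_key_list(text):
    """Map nickname -> key id for the private keys listed by `certutil -K`."""
    return {m.group(2): m.group(1)
            for m in map(KEY_RE.match, text.splitlines()) if m}

def check_db(cert_text, key_text, server_nick):
    """Return a list of findings; an empty list means the listing is consistent."""
    certs, keys = parse_cert_list(cert_text), parse_key_list(key_text)
    if server_nick not in certs:
        return [f"no certificate named {server_nick!r}"]
    findings = []
    if "u" not in certs[server_nick][0]:
        findings.append(f"{server_nick}: SSL trust lacks 'u', no usable key pair")
    if server_nick not in keys:
        findings.append(f"{server_nick}: no private key in `certutil -K` output")
    cas = [n for n in certs if n != server_nick]
    if not cas:
        findings.append("no CA certificates; the chain cannot be validated")
    for nick in cas:
        if "C" not in certs[nick][0]:
            findings.append(f"{nick}: SSL trust {certs[nick][0]!r} lacks 'C'")
    return findings
```

A clean result only says the NSS trust flags and key pair are consistent; it does not replace `certutil -V -n <nick> -u V`, which actually validates the chain.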
