[389-users] Re: 389 Windows Console
This is not an issue when using 389-console directly on the server. Thanks. - On 7 Jan, 2016, at 20:07, Phil Daws wrote: > Any further thoughts please or should I just start all over again ? Thanks, > Phil > - On 5 Jan, 2016, at 09:06, Phil Daws wrote: >> Hello Noriko, >> Same problem unfortunately :( >> Thanks, Phil >> - On 4 Jan, 2016, at 20:54, Noriko Hosoi wrote: >>> Hello Phil, >>> We are working on the issue, but not sure what the root cause is yet. >>> If you could try the new installer I have just uploaded, it would be a >>> big help for us. (Please note that the version remains the same 1.1.15.) >>> http://www.port389.org/docs/389ds/download.html#windows-console >>> Thank you, >>> --noriko >>> On 01/04/2016 09:22 AM, Phil Daws wrote: - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: > On 01/04/2016 09:23 AM, Phil Daws wrote: >> Hello Rich, >> Have ran in debug mode and connected to the admin interface which has >> been >> secured with a cert: >> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, >> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, >> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun >> Dec 20 >> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, >> CN=LAB-CA} >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72certain >> HttpsChannel::select(...) - SELECT CERTIFICATE >> Unable to create ssl socket >> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: >> (-8186) >> security library: invalid algorithm. >> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) >> at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) >> at com.netscape.management.client.comm.CommManager.send(Unknown Source) >> at com.netscape.management.client.comm.HttpManager.get(Unknown Source) >> at com.netscape.management.client.console.Console.invoke_task(Unknown >> Source) >> at >> com.netscape.management.client.console.Console.authenticate_user(Unknown >> Source) >> at com.netscape.management.client.console.Console.(Unknown Source) >> at com.netscape.management.client.console.Console.main(Unknown >> Source)certain >> So it accepts the admin certificate fine but then shows an empty >> selection box >> for a certificate ? > Not sure what it means by "invalid algorithm" but it looks as though > that is the root cause. The console doesn't know what to do with that > error, so it asks you to select another cert, which is just a > distraction at that point. Please open a ticket. Hmm, but that "invalid algorithm" message only appeared when I clicked on continue with no certificate showing in the selection dropdown list. The admin certificate was accepted fine and then it showed the empty selection list. >> Thanks, Phil >> - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: >>> On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: > Hello, > Have now got to the point where it says "Select a certificate to > authenticate" > yet the drop down box is empty. >>> Can you run the console with -D 9 -f console.log, then check console.log >>> to remove any sensitive information, then post that to this list? The >>> easiest way to do this is to make a copy of the .bat file that runs the >>> console, then add those arguments to the command line in the copy of the >>> .bat file. >>> I'm assuming you have not configured the admin server/directory server >>> to require client cert authentication. If you don't know, then you >>> probably haven't. > If I check the NSS database it looks okay ? > D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and > Settings\pmdaws\.389-console" -L > Certificate Nickname Trust Attributes > SSL,S/MIME,JAR/XPI > LAB CA Certificate CT,, > Phil Daws p,p,p > Seems as though the console is not picking them up :( > Thanks, Phil > - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: >> On 12/15/2015 11:40 AM, Phil Daws wrote: >>> Hello, >>> Unfortunately I do not have a console under Fedora/RHEL. >>> I can log into the A
[389-users] Re: 389 Windows Console
Any further thoughts please or should I just start all over again ? Thanks, Phil - On 5 Jan, 2016, at 09:06, Phil Daws wrote: > Hello Noriko, > Same problem unfortunately :( > Thanks, Phil > - On 4 Jan, 2016, at 20:54, Noriko Hosoi wrote: >> Hello Phil, >> We are working on the issue, but not sure what the root cause is yet. >> If you could try the new installer I have just uploaded, it would be a >> big help for us. (Please note that the version remains the same 1.1.15.) >> http://www.port389.org/docs/389ds/download.html#windows-console >> Thank you, >> --noriko >> On 01/04/2016 09:22 AM, Phil Daws wrote: >>> - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 09:23 AM, Phil Daws wrote: > Hello Rich, > Have ran in debug mode and connected to the admin interface which has been > secured with a cert: > {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, > SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, > ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun > Dec 20 > 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, > CN=LAB-CA} > JButtonFactory: button width = 54 > JButtonFactory: button height = 20 > JButtonFactory: button width = 54 > JButtonFactory: button height = 20 > JButtonFactory: button width = 72 > JButtonFactory: button height = 20 > JButtonFactory: button width = 72 > JButtonFactory: button height = 20 > JButtonFactory: button width = 54 > JButtonFactory: button height = 20 > JButtonFactory: button width = 72certain > HttpsChannel::select(...) - SELECT CERTIFICATE > Unable to create ssl socket > org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) > security library: invalid algorithm. > at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) > at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) > at com.netscape.management.client.comm.CommManager.send(Unknown Source) > at com.netscape.management.client.comm.HttpManager.get(Unknown Source) > at com.netscape.management.client.console.Console.invoke_task(Unknown > Source) > at > com.netscape.management.client.console.Console.authenticate_user(Unknown > Source) > at com.netscape.management.client.console.Console.(Unknown Source) > at com.netscape.management.client.console.Console.main(Unknown > Source)certain > So it accepts the admin certificate fine but then shows an empty > selection box > for a certificate ? Not sure what it means by "invalid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. >>> Hmm, but that "invalid algorithm" message only appeared when I clicked on >>> continue with no certificate showing in the selection dropdown list. The >>> admin >>> certificate was accepted fine and then it showed the empty selection list. > Thanks, Phil > - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: >> On 01/04/2016 01:11 AM, Phil Daws wrote: >>> Any thoughts on this please ? >>> - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. >> Can you run the console with -D 9 -f console.log, then check console.log >> to remove any sensitive information, then post that to this list? The >> easiest way to do this is to make a copy of the .bat file that runs the >> console, then add those arguments to the command line in the copy of the >> .bat file. >> I'm assuming you have not configured the admin server/directory server >> to require client cert authentication. If you don't know, then you >> probably haven't. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Daws p,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: > On 12/15/2015 11:40 AM, Phil Daws wrote: >> Hello, >> Unfortunately I do not have a console under Fedora/RHEL. >> I can log into the Administration console fine, but when I click on >> Server >> Group, and then double click on the Directory Server it prompts me >> for the >> Distinguished name and password. The status is showing as: >>
[389-users] Re: 389 Windows Console
Hello Noriko, Same problem unfortunately :( Thanks, Phil - On 4 Jan, 2016, at 20:54, Noriko Hosoi wrote: > Hello Phil, > We are working on the issue, but not sure what the root cause is yet. > If you could try the new installer I have just uploaded, it would be a > big help for us. (Please note that the version remains the same 1.1.15.) > http://www.port389.org/docs/389ds/download.html#windows-console > Thank you, > --noriko > On 01/04/2016 09:22 AM, Phil Daws wrote: >> - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: >>> On 01/04/2016 09:23 AM, Phil Daws wrote: Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, CN=LAB-CA} JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72certain HttpsChannel::select(...) - SELECT CERTIFICATE Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm. at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source)certain So it accepts the admin certificate fine but then shows an empty selection box for a certificate ? >>> Not sure what it means by "invalid algorithm" but it looks as though >>> that is the root cause. The console doesn't know what to do with that >>> error, so it asks you to select another cert, which is just a >>> distraction at that point. Please open a ticket. >> Hmm, but that "invalid algorithm" message only appeared when I clicked on >> continue with no certificate showing in the selection dropdown list. The >> admin >> certificate was accepted fine and then it showed the empty selection list. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: > On 01/04/2016 01:11 AM, Phil Daws wrote: >> Any thoughts on this please ? >> - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: >>> Hello, >>> Have now got to the point where it says "Select a certificate to >>> authenticate" >>> yet the drop down box is empty. > Can you run the console with -D 9 -f console.log, then check console.log > to remove any sensitive information, then post that to this list? The > easiest way to do this is to make a copy of the .bat file that runs the > console, then add those arguments to the command line in the copy of the > .bat file. > I'm assuming you have not configured the admin server/directory server > to require client cert authentication. If you don't know, then you > probably haven't. >>> If I check the NSS database it looks okay ? >>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and >>> Settings\pmdaws\.389-console" -L >>> Certificate Nickname Trust Attributes >>> SSL,S/MIME,JAR/XPI >>> LAB CA Certificate CT,, >>> Phil Daws p,p,p >>> Seems as though the console is not picking them up :( >>> Thanks, Phil >>> - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 11:40 AM, Phil Daws wrote: > Hello, > Unfortunately I do not have a console under Fedora/RHEL. > I can log into the Administration console fine, but when I click on > Server > Group, and then double click on the Directory Server it prompts me > for the > Distinguished name and password. The status is showing as: > Server status: Stopped > Port: 636 > The ports are listening fine: > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > PID/Program name >>>
[389-users] Re: 389 Windows Console
Hello Phil, We are working on the issue, but not sure what the root cause is yet. If you could try the new installer I have just uploaded, it would be a big help for us. (Please note that the version remains the same 1.1.15.) http://www.port389.org/docs/389ds/download.html#windows-console Thank you, --noriko On 01/04/2016 09:22 AM, Phil Daws wrote: - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 09:23 AM, Phil Daws wrote: Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, CN=LAB-CA} JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72certain HttpsChannel::select(...) - SELECT CERTIFICATE Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm. at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source)certain So it accepts the admin certificate fine but then shows an empty selection box for a certificate ? Not sure what it means by "invalid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. Hmm, but that "invalid algorithm" message only appeared when I clicked on continue with no certificate showing in the selection dropdown list. The admin certificate was accepted fine and then it showed the empty selection list. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. Can you run the console with -D 9 -f console.log, then check console.log to remove any sensitive information, then post that to this list? The easiest way to do this is to make a copy of the .bat file that runs the console, then add those arguments to the command line in the copy of the .bat file. I'm assuming you have not configured the admin server/directory server to require client cert authentication. If you don't know, then you probably haven't. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Dawsp,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 11:40 AM, Phil Daws wrote: Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389
[389-users] Re: 389 Windows Console
On 01/04/2016 10:22 AM, Phil Daws wrote: - On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 09:23 AM, Phil Daws wrote: Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, CN=LAB-CA} JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 HttpsChannel::select(...) - SELECT CERTIFICATE Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm. at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) So it accepts the admin certificate fine but then shows an empty selection box for a certificate ? Not sure what it means by "invalid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. Hmm, but that "invalid algorithm" message only appeared when I clicked on continue with no certificate showing in the selection dropdown list. The admin certificate was accepted fine and then it showed the empty selection list. Ok. I'm not sure what's going on. Please open a ticket. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. Can you run the console with -D 9 -f console.log, then check console.log to remove any sensitive information, then post that to this list? The easiest way to do this is to make a copy of the .bat file that runs the console, then add those arguments to the command line in the copy of the .bat file. I'm assuming you have not configured the admin server/directory server to require client cert authentication. If you don't know, then you probably haven't. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Dawsp,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 11:40 AM, Phil Daws wrote: Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389 :::*LISTEN 1196/ns-slapd So am guessing it's probably due to when I enabled "Secure Connection" in the console :( Any thoughts please ? Not sure yet, but did you have a chance to see this section? http://www.port389.org/docs/389ds/howto/howto-ssl
[389-users] Re: 389 Windows Console
- On 4 Jan, 2016, at 16:45, Rich Megginson rmegg...@redhat.com wrote: > On 01/04/2016 09:23 AM, Phil Daws wrote: >> Hello Rich, >> >> Have ran in debug mode and connected to the admin interface which has been >> secured with a cert: >> >> {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, >> SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, >> ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec >> 20 >> 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, >> CN=LAB-CA} >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 54 >> JButtonFactory: button height = 20 >> JButtonFactory: button width = 72 >> HttpsChannel::select(...) - SELECT CERTIFICATE >> Unable to create ssl socket >> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) >> security library: invalid algorithm. >> at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) >> at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) >> at com.netscape.management.client.comm.CommManager.send(Unknown Source) >> at com.netscape.management.client.comm.HttpManager.get(Unknown Source) >> at com.netscape.management.client.console.Console.invoke_task(Unknown >> Source) >> at >> com.netscape.management.client.console.Console.authenticate_user(Unknown >> Source) >> at com.netscape.management.client.console.Console.(Unknown Source) >> at com.netscape.management.client.console.Console.main(Unknown Source) >> >> So it accepts the admin certificate fine but then shows an empty selection >> box >> for a certificate ? > > Not sure what it means by "invalid algorithm" but it looks as though > that is the root cause. The console doesn't know what to do with that > error, so it asks you to select another cert, which is just a > distraction at that point. Please open a ticket. Hmm, but that "invalid algorithm" message only appeared when I clicked on continue with no certificate showing in the selection dropdown list. The admin certificate was accepted fine and then it showed the empty selection list. > > > >> >> Thanks, Phil >> >> - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: >> >>> On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: > Hello, > > Have now got to the point where it says "Select a certificate to > authenticate" > yet the drop down box is empty. >>> Can you run the console with -D 9 -f console.log, then check console.log >>> to remove any sensitive information, then post that to this list? The >>> easiest way to do this is to make a copy of the .bat file that runs the >>> console, then add those arguments to the command line in the copy of the >>> .bat file. >>> >>> I'm assuming you have not configured the admin server/directory server >>> to require client cert authentication. If you don't know, then you >>> probably haven't. >>> > If I check the NSS database it looks okay ? > > D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and > Settings\pmdaws\.389-console" -L > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > LAB CA Certificate CT,, > Phil Dawsp,p,p > > Seems as though the console is not picking them up :( > > Thanks, Phil > - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: > >> On 12/15/2015 11:40 AM, Phil Daws wrote: >>> Hello, >>> >>> Unfortunately I do not have a console under Fedora/RHEL. >>> >>> I can log into the Administration console fine, but when I click on >>> Server >>> Group, and then double click on the Directory Server it prompts me for >>> the >>> Distinguished name and password. The status is showing as: >>> >>> Server status: Stopped >>> Port: 636 >>> >>> The ports are listening fine: >>> >>> Active Internet connections (only servers) >>> Proto Recv-Q Send-Q Local Address Foreign Address >>> State >>> PID/Program name >>> tcp0 0 0.0.0.0:22 0.0.0.0:* >>> LISTEN >>> 301/sshd >>> tcp0 0 0.0.0.0:98300.0.0.0:* >>> LISTEN >>> 1261/httpd >>> tcp6 0 0 :::22 :::*
[389-users] Re: 389 Windows Console
On 01/04/2016 09:23 AM, Phil Daws wrote: Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, CN=LAB-CA} JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 HttpsChannel::select(...) - SELECT CERTIFICATE Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm. at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) So it accepts the admin certificate fine but then shows an empty selection box for a certificate ? Not sure what it means by "invalid algorithm" but it looks as though that is the root cause. The console doesn't know what to do with that error, so it asks you to select another cert, which is just a distraction at that point. Please open a ticket. Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. Can you run the console with -D 9 -f console.log, then check console.log to remove any sensitive information, then post that to this list? The easiest way to do this is to make a copy of the .bat file that runs the console, then add those arguments to the command line in the copy of the .bat file. I'm assuming you have not configured the admin server/directory server to require client cert authentication. If you don't know, then you probably haven't. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Dawsp,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 11:40 AM, Phil Daws wrote: Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389 :::*LISTEN 1196/ns-slapd So am guessing it's probably due to when I enabled "Secure Connection" in the console :( Any thoughts please ? Not sure yet, but did you have a chance to see this section? http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information Thanks, Phil - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 09:51 AM, Phil Daws wrote: Hello, I have 389 up and running in my lab, with encryption enabled, but when I connect too the Administration panel and double click on the Directory Server it just hangs. The CA certificate has been imported using: d:\Scratch\firefox_a
[389-users] Re: 389 Windows Console
Hello Rich, Have ran in debug mode and connected to the admin interface which has been secured with a cert: {SUBJECT_DN=CN=ads01-admin.lab, SUBJECT={CN=ads01-admin}, SERIAL=8741097289627376099, AFTERDATE=Tue Dec 19 14:05:35 2017, ISSUER={CN=LAB-CA, O=LAB, C=GB}, SIGNATURE=SHA256withRSA, BEFOREDATE=Sun Dec 20 14:05:35 2015, KEYTYPE=RSA, REASONS={}, VERSION=3, ISSUER_DN=C=GB, O=LAB, CN=LAB-CA} JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 72 JButtonFactory: button height = 20 JButtonFactory: button width = 54 JButtonFactory: button height = 20 JButtonFactory: button width = 72 HttpsChannel::select(...) - SELECT CERTIFICATE Unable to create ssl socket org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed: (-8186) security library: invalid algorithm. at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method) at com.netscape.management.client.comm.HttpsChannel.open(Unknown Source) at com.netscape.management.client.comm.CommManager.send(Unknown Source) at com.netscape.management.client.comm.HttpManager.get(Unknown Source) at com.netscape.management.client.console.Console.invoke_task(Unknown Source) at com.netscape.management.client.console.Console.authenticate_user(Unknown Source) at com.netscape.management.client.console.Console.(Unknown Source) at com.netscape.management.client.console.Console.main(Unknown Source) So it accepts the admin certificate fine but then shows an empty selection box for a certificate ? Thanks, Phil - On 4 Jan, 2016, at 15:50, Rich Megginson rmegg...@redhat.com wrote: > On 01/04/2016 01:11 AM, Phil Daws wrote: >> Any thoughts on this please ? >> >> - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: >> >>> Hello, >>> >>> Have now got to the point where it says "Select a certificate to >>> authenticate" >>> yet the drop down box is empty. > > Can you run the console with -D 9 -f console.log, then check console.log > to remove any sensitive information, then post that to this list? The > easiest way to do this is to make a copy of the .bat file that runs the > console, then add those arguments to the command line in the copy of the > .bat file. > > I'm assuming you have not configured the admin server/directory server > to require client cert authentication. If you don't know, then you > probably haven't. > >>> >>> If I check the NSS database it looks okay ? >>> >>> D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and >>> Settings\pmdaws\.389-console" -L >>> >>> Certificate Nickname Trust >>> Attributes >>> >>> SSL,S/MIME,JAR/XPI >>> >>> LAB CA Certificate CT,, >>> Phil Dawsp,p,p >>> >>> Seems as though the console is not picking them up :( >>> >>> Thanks, Phil >>> - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: >>> On 12/15/2015 11:40 AM, Phil Daws wrote: > Hello, > > Unfortunately I do not have a console under Fedora/RHEL. > > I can log into the Administration console fine, but when I click on Server > Group, and then double click on the Directory Server it prompts me for the > Distinguished name and password. The status is showing as: > > Server status: Stopped > Port: 636 > > The ports are listening fine: > > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > PID/Program name > tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN > 301/sshd > tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN > 1261/httpd > tcp6 0 0 :::22 :::*LISTEN > 301/sshd > tcp6 0 0 :::636 :::*LISTEN > 1196/ns-slapd > tcp6 0 0 :::389 :::*LISTEN > 1196/ns-slapd > > So am guessing it's probably due to when I enabled "Secure Connection" in > the > console :( > > Any thoughts please ? Not sure yet, but did you have a chance to see this section? http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information > Thanks, Phil > > > > - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: > >> On 12/15/2015 09:51 AM, Phil Daws wrote: >>> Hello, >>> >>> I have 389 up and running in my lab, with encryption enabled, but when >>> I connect >>> too the Administration panel and double click on the Directo
[389-users] Re: 389 Windows Console
On 01/04/2016 01:11 AM, Phil Daws wrote: Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. Can you run the console with -D 9 -f console.log, then check console.log to remove any sensitive information, then post that to this list? The easiest way to do this is to make a copy of the .bat file that runs the console, then add those arguments to the command line in the copy of the .bat file. I'm assuming you have not configured the admin server/directory server to require client cert authentication. If you don't know, then you probably haven't. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Dawsp,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 11:40 AM, Phil Daws wrote: Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389 :::*LISTEN 1196/ns-slapd So am guessing it's probably due to when I enabled "Secure Connection" in the console :( Any thoughts please ? Not sure yet, but did you have a chance to see this section? http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information Thanks, Phil - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 09:51 AM, Phil Daws wrote: Hello, I have 389 up and running in my lab, with encryption enabled, but when I connect too the Administration panel and double click on the Directory Server it just hangs. The CA certificate has been imported using: d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i d:\Downloads\CA-chain.pem -a Am I missing something obvious please ? Thanks, Phil -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org Administration URL starts with https? If you use Console on Fedora/RHEL, you have no problem? Thanks. -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: 389 Windows Console
Any thoughts on this please ? - On 20 Dec, 2015, at 16:02, Phil Daws ux...@splatnix.net wrote: > Hello, > > Have now got to the point where it says "Select a certificate to authenticate" > yet the drop down box is empty. > > If I check the NSS database it looks okay ? > > D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and > Settings\pmdaws\.389-console" -L > > Certificate Nickname Trust Attributes > SSL,S/MIME,JAR/XPI > > LAB CA Certificate CT,, > Phil Dawsp,p,p > > Seems as though the console is not picking them up :( > > Thanks, Phil > - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: > >> On 12/15/2015 11:40 AM, Phil Daws wrote: >>> Hello, >>> >>> Unfortunately I do not have a console under Fedora/RHEL. >>> >>> I can log into the Administration console fine, but when I click on Server >>> Group, and then double click on the Directory Server it prompts me for the >>> Distinguished name and password. The status is showing as: >>> >>> Server status: Stopped >>> Port: 636 >>> >>> The ports are listening fine: >>> >>> Active Internet connections (only servers) >>> Proto Recv-Q Send-Q Local Address Foreign Address State >>> PID/Program name >>> tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN >>> 301/sshd >>> tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN >>> 1261/httpd >>> tcp6 0 0 :::22 :::*LISTEN >>> 301/sshd >>> tcp6 0 0 :::636 :::*LISTEN >>> 1196/ns-slapd >>> tcp6 0 0 :::389 :::*LISTEN >>> 1196/ns-slapd >>> >>> So am guessing it's probably due to when I enabled "Secure Connection" in >>> the >>> console :( >>> >>> Any thoughts please ? >> Not sure yet, but did you have a chance to see this section? >> http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information >>> >>> Thanks, Phil >>> >>> >>> >>> - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: >>> On 12/15/2015 09:51 AM, Phil Daws wrote: > Hello, > > I have 389 up and running in my lab, with encryption enabled, but when I > connect > too the Administration panel and double click on the Directory Server it > just > hangs. The CA certificate has been imported using: > > d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and > Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i > d:\Downloads\CA-chain.pem -a > > Am I missing something obvious please ? > > Thanks, Phil > > -- > 389 users mailing list > 389-users@%(host_name)s > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org Administration URL starts with https? If you use Console on Fedora/RHEL, you have no problem? Thanks. -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org >>> -- >>> 389 users mailing list >>> 389-users@%(host_name)s >>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org >> -- >> 389 users mailing list >> 389-users@%(host_name)s >> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org > > -- > 389 users mailing list > 389-users@%(host_name)s > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: 389 Windows Console
Hello, Have now got to the point where it says "Select a certificate to authenticate" yet the drop down box is empty. If I check the NSS database it looks okay ? D:\Scratch\firefox_add-certs\bin>certutil.exe -d "c:\Documents and Settings\pmdaws\.389-console" -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI LAB CA Certificate CT,, Phil Dawsp,p,p Seems as though the console is not picking them up :( Thanks, Phil - On 15 Dec, 2015, at 20:35, Noriko Hosoi nho...@redhat.com wrote: > On 12/15/2015 11:40 AM, Phil Daws wrote: >> Hello, >> >> Unfortunately I do not have a console under Fedora/RHEL. >> >> I can log into the Administration console fine, but when I click on Server >> Group, and then double click on the Directory Server it prompts me for the >> Distinguished name and password. The status is showing as: >> >> Server status: Stopped >> Port: 636 >> >> The ports are listening fine: >> >> Active Internet connections (only servers) >> Proto Recv-Q Send-Q Local Address Foreign Address State >> PID/Program name >> tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN >> 301/sshd >> tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN >> 1261/httpd >> tcp6 0 0 :::22 :::*LISTEN >> 301/sshd >> tcp6 0 0 :::636 :::*LISTEN >> 1196/ns-slapd >> tcp6 0 0 :::389 :::*LISTEN >> 1196/ns-slapd >> >> So am guessing it's probably due to when I enabled "Secure Connection" in the >> console :( >> >> Any thoughts please ? > Not sure yet, but did you have a chance to see this section? > http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information >> >> Thanks, Phil >> >> >> >> - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: >> >>> On 12/15/2015 09:51 AM, Phil Daws wrote: Hello, I have 389 up and running in my lab, with encryption enabled, but when I connect too the Administration panel and double click on the Directory Server it just hangs. The CA certificate has been imported using: d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i d:\Downloads\CA-chain.pem -a Am I missing something obvious please ? Thanks, Phil -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org >>> Administration URL starts with https? >>> >>> If you use Console on Fedora/RHEL, you have no problem? >>> >>> Thanks. >>> -- >>> 389 users mailing list >>> 389-users@%(host_name)s >>> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org >> -- >> 389 users mailing list >> 389-users@%(host_name)s >> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org > -- > 389 users mailing list > 389-users@%(host_name)s > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: 389 Windows Console
On 12/15/2015 11:40 AM, Phil Daws wrote: Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389 :::*LISTEN 1196/ns-slapd So am guessing it's probably due to when I enabled "Secure Connection" in the console :( Any thoughts please ? Not sure yet, but did you have a chance to see this section? http://www.port389.org/docs/389ds/howto/howto-ssl.html#admin-server-tlsssl-information Thanks, Phil - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: On 12/15/2015 09:51 AM, Phil Daws wrote: Hello, I have 389 up and running in my lab, with encryption enabled, but when I connect too the Administration panel and double click on the Directory Server it just hangs. The CA certificate has been imported using: d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i d:\Downloads\CA-chain.pem -a Am I missing something obvious please ? Thanks, Phil -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org Administration URL starts with https? If you use Console on Fedora/RHEL, you have no problem? Thanks. -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org
[389-users] Re: 389 Windows Console
Hello, Unfortunately I do not have a console under Fedora/RHEL. I can log into the Administration console fine, but when I click on Server Group, and then double click on the Directory Server it prompts me for the Distinguished name and password. The status is showing as: Server status: Stopped Port: 636 The ports are listening fine: Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 301/sshd tcp0 0 0.0.0.0:98300.0.0.0:* LISTEN 1261/httpd tcp6 0 0 :::22 :::*LISTEN 301/sshd tcp6 0 0 :::636 :::*LISTEN 1196/ns-slapd tcp6 0 0 :::389 :::*LISTEN 1196/ns-slapd So am guessing it's probably due to when I enabled "Secure Connection" in the console :( Any thoughts please ? Thanks, Phil - On 15 Dec, 2015, at 19:01, Noriko Hosoi nho...@redhat.com wrote: > On 12/15/2015 09:51 AM, Phil Daws wrote: >> Hello, >> >> I have 389 up and running in my lab, with encryption enabled, but when I >> connect >> too the Administration panel and double click on the Directory Server it just >> hangs. The CA certificate has been imported using: >> >> d:\Scratch\firefox_add-certs\bin>certutil -A -d "C:\Documents and >> Settings\phild\.389-console" -n "CA Certificate" -t CT,, -i >> d:\Downloads\CA-chain.pem -a >> >> Am I missing something obvious please ? >> >> Thanks, Phil >> >> -- >> 389 users mailing list >> 389-users@%(host_name)s >> http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org > Administration URL starts with https? > > If you use Console on Fedora/RHEL, you have no problem? > > Thanks. > -- > 389 users mailing list > 389-users@%(host_name)s > http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org -- 389 users mailing list 389-users@%(host_name)s http://lists.fedoraproject.org/admin/lists/389-users@lists.fedoraproject.org