Hi Jerôme,
On Mon, 06 Apr 2009 18:49:53 +0200
Jerome Fenal <jfenal(a)redhat.com> wrote:
what are you trying to achieve ?
What are you using OpenLDAP for ? Publishing certs, or config LDAP
server ?
I'm trying to configure it as the "internal database" in the
configuration wizard : "Please provide information to an existing
Fedora Directory Server that can be used as the internal database for
this instance".
Digging a bit further, it seems the PKI CA subsystem doesn't accept the
LDAP server certificate:
No. Time Source
Destination Protocol Info
130 2009-04-06 18:34:20.537435 195.83.222.184
195.83.222.201 TLSv1 Alert (Level: Fatal, Description:
Unknown CA)
Frame 130 (73 bytes on wire, 73 bytes captured)
Ethernet II, Src: SunMicro_9a:98:68 (00:14:4f:9a:98:68), Dst: SunMicro_40:95:14
(00:14:4f:40:95:14)
Internet Protocol, Src: 195.83.222.184 (195.83.222.184), Dst: 195.83.222.201
(195.83.222.201)
Transmission Control Protocol, Src Port: 52794 (52794), Dst Port: ldaps (636), Seq: 73,
Ack: 3441, Len: 7
Secure Socket Layer
TLSv1 Record Layer: Alert (Level: Fatal, Description: Unknown CA)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Unknown CA (48)
So I guess I should add this CA as a trusted one in tomcat -- I've
already tried adding it to the default keystore, to no avail. Would I
have missed something ?
Simon