Hi,
I'm running two instances with master/master replication with SSL. It worked fine so far, then recently I noticed errors like this:
[21/Nov/2018:10:22:34.754594972 +0100] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=ReplicationAgreement" (ldap02srv:636) - Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) (error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get certificate CRL)).
I have also noticed that replication of some attributes does not work correctly. I have checked my certificate and I have no CRL defined in the server's certificate.
Can someone help?
I’ve not seen this issue before. Matus or Mark may have some better ideas. :S
On 21 Nov 2018, at 19:34, Olivier JUDITH gnulux@gmail.com wrote:
Hi,
I'm running two instances with master/master replication with SSL. It worked fine so far, then recently I noticed errors like this:
[21/Nov/2018:10:22:34.754594972 +0100] - DEBUG - NSMMReplicationPlugin - bind_and_check_pwp - agmt="cn=ReplicationAgreement" (ldap02srv:636) - Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) (error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get certificate CRL)).
I have also noticed that replication of some attributes does not work correctly. I have checked my certificate and I have no CRL defined in the server's certificate.
Can someone help?
— Sincerely,
William
Hi,
I think it is because the CRL of my certificate has expired, but I don't understand how the server controls this setting. I encountered the same problem on my production and staging systems. Where is the CRL set in 389 server? I have to renew it, but the graphical interface for certificates doesn't work.
Regards