Hi Chris,

A default database gets created anyway, if I remember correctly, so no need to recreate it. In my experience it is best to do all changes to the cert database before you start the LDAP services. So if you make changes, then restart the 389 directory server. You also need to set a password for the service to read the database if you have made the cert database password protected.

Regards

2011/10/19 Chris Cawley <cawley@wrlc.org>

### Starting ldap parts

groupadd -g 10000 ldap

useradd -u 10000 -g 10000 -d /home/ldap ldap

yum install 389-admin

yum install 389-adminutil 389-adminutil-devel \
    389-ds-base 389-ds-base-devel 389-ds-base-libs

### Take defaults

/usr/sbin/setup-ds-admin.pl

chkconfig --levels 2345 dirsrv on

chkconfig --levels 2345 dirsrv-admin on

chkconfig --levels 2345 httpd on

### LDAP/SSL

cd /etc/dirsrv/slapd-ldap

certutil -N -d .

certutil -L -d .

At some point, the CA Builtin tokens are all gone.

- Chris

From: 389-users-bounces@lists.fedoraproject.org [mailto:389-users-bounces@lists.fedoraproject.org] On Behalf Of Gerhardus Geldenhuis
Sent: Wednesday, October 19, 2011 8:49 AM
To: General discussion list for the 389 Directory server project.
Subject: Re: [389-users] SSL Question

Hi Chris,

Not seen that before. Could you detail the steps you have taken thus far to get to the point you are at now?

Regards

2011/10/19 Chris Cawley <cawley@wrlc.org>

Hello

We are in the process of setting up SSL on 389 ds; however, it appears that the CA cert db is empty. The builtin tokens are not even loaded. Any ideas why?

- Thanks

Chris Cawley

System Administrator

Washington Research Library Consortium

301-390-2049

cawley@wrlc.org


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
Gerhardus Geldenhuis



--
Gerhardus Geldenhuis
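
Added example, not part of the original thread: a small shell check for the point about giving the service a password to read a protected cert database. It assumes the 389 DS convention of a `pin.txt` file in the instance directory containing an `Internal (Software) Token:` line, which the thread itself does not spell out; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: write and audit the NSS pin file a 389 DS instance reads
# at startup when its cert database is password protected.
# Assumption: <instance dir>/pin.txt with an "Internal (Software) Token:" line.
TOKEN_LABEL='Internal (Software) Token'

# check_pin_file DIR -> prints one finding; returns 0 when the file is usable
# and not readable by group or others, non-zero otherwise.
check_pin_file() {
    pin="$1/pin.txt"
    if [ ! -f "$pin" ]; then
        echo "missing: $pin"
        return 1
    fi
    # The file holds the cert database password in clear text, so only
    # the owner may have access (GNU stat syntax).
    mode=$(stat -c '%a' "$pin")
    case "$mode" in
        400|600) ;;
        *) echo "loose-permissions: $pin is mode $mode"; return 2 ;;
    esac
    # There must be a non-empty entry for the software token.
    if ! grep -q "^${TOKEN_LABEL}:." "$pin"; then
        echo "no-token-entry: $pin"
        return 3
    fi
    echo "ok: $pin"
    return 0
}

# write_pin_file DIR PASSWORD -> creates DIR/pin.txt with owner-only access.
# printf is a shell builtin, so the password is not exposed in a process list.
write_pin_file() {
    ( umask 077
      printf '%s:%s\n' "$TOKEN_LABEL" "$2" > "$1/pin.txt" )
    chmod 400 "$1/pin.txt"
}
```

Run `check_pin_file /etc/dirsrv/slapd-ldap` before restarting the directory server; the file should also be owned by the account the server runs as, which this check does not verify.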