directory-users mailing list archives

From Cody Herriges <c.a.herri...@gmail.com>
Subject Java keystone issues in 2.0.0-M7
Date Tue, 12 Jun 2012 03:57:32 GMT
I am pretty close to a fully functional set of puppet modules to set up ApacheDS with one hitch,
ApacheDS fails to start when using my own keystore.  I get the following error '[20:51:35]
ERROR [org.apache.directory.server.ApacheDsService] - Cannot start the server : ERR_683 Failed
to create a SSL context.'  You will see below the values of ads-keystoreFile and ads-certificatePassword.
After the LDIF you will find the printout of a -list from keytool.  I haven't seen anything
in the configuration schemas to indicate that I have forgotten something.  Ideas?

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
ads-transports: ldap
ads-transports: ldaps
ads-serverid: ldapServer
ads-searchbasedn: ou=users,ou=system
ads-replreqhandler: org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler
ads-enabled: TRUE
ads-saslprincipal: ldap/ldap.example.com@EXAMPLE.COM
ads-saslrealms: example.com
ads-saslrealms: apache.org
objectclass: ads-server
objectclass: ads-ldapServer
objectclass: ads-dsBasedServer
objectclass: ads-base
objectclass: top
ads-saslmechhandlers: CRAM-MD5
ads-saslmechhandlers: DIGEST-MD5
ads-saslmechhandlers: GSS-SPNEGO
ads-saslmechhandlers: GSSAPI
ads-saslmechhandlers: NTLM
ads-saslmechhandlers: SIMPLE
ads-confidentialityrequired: FALSE
ads-maxsizelimit: 1000
ads-maxtimelimit: 15000
ads-extendedophandlers: gracefulShutdownHandler
ads-extendedophandlers: starttlshandler
ads-extendedophandlers: storedprochandler
ads-saslhost: ldap.dc1.puppetlabs.net
ads-keystoreFile: /etc/apacheds/apacheds.jks
ads-certificatePassword: password

==

keytool -list -keystore /etc/apacheds/apacheds.jks -storepass password

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

startcom_certification_authority, Jun 11, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
startssl_sub.class1.server.ca, Jun 11, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 30:B0:5A:F7:B2:F4:BE:0C:28:67:15:EA:CC:5B:24:20
yellow.dc1.puppetlabs.net, Jun 11, 2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): C3:CF:0E:DC:61:D6:F0:4C:54:E3:D7:F2:BE:DF:E0:BD


--
Cody Herriges
Operations Engineer - Puppet Labs
pgp key: 0x5DB77142 @ pgp.mit.edu






