[Pkg-fedora-ds-maintainers] Bug#841477: Bug#841477: 389-ds-base: 389 directory server fails to start TLS/SSL
tjaalton at debian.org
Fri Oct 21 06:27:46 UTC 2016
On 21.10.2016 02:57, Michal Kaspar wrote:
> Package: 389-ds-base
> Version: 126.96.36.199-1
> Severity: important
> Dear Maintainer,
> After recent updates the 389 directory server fails to start SSL on port
> 636. The rest of server starts fine but in the logs, there is an error
> SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable Runtime error -5977 - Failure to load dynamic library.)
> ERROR: SSL Initialization Failed. Disabling SSL.
> When I ran strace on ns-slapd, I've noticed it's missing file
> /etc/dirsrv/slapd-suffix/libnssckbi.so. After linking
> /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so from package libnss3 the
> error message changed to:
> SSL alert: Security Initialization: Unable to create PinObj (Netscape Portable Runtime error -8015 - The certificate/key database is in an old, unsupported format or failed to open.)
> I've checked the cert db with certutil -L -d /etc/dirsrv/slapd-suffix
> and it seems OK. The certificate is valid until the start of the
> november so I have no idea now, where the problem might be. Is it some
> libraries incompatibility or are there some other steps I can do to
> debug the issue.
> I'm running 389 server as a part of freeipa installation, so I'm now not
> able to issue different certificate to test, becouse the CA can't start
> without LDAP server running.
Yeah, I'm seeing the same :/ I'll ask upstream about it.
More information about the Pkg-fedora-ds-maintainers