Replace SSL-cert Open Directory

Replace SSL-cert Open Directory

Alexis Verbeke
Hi all,

I had a Mac OS 10.9 server that had an expired self-signed certificate.

What I did: I renewed the expired self-signed cert using the Server.app and deleted the expired one.
The problem: Apparently, my OD Master is configured with that expired cert and is not starting up at system launch, nor manually.
Error message:
> 2013-11-12 16:19:18.137 serveradmin[2668:507] servermgr_dirserv: received request to start the Directory Server
> 2013-11-12 16:19:18.167 serveradmin[2668:507] servermgr_dirserv: starting Directory Server deamons
> 2013-11-12 16:19:48.189 serveradmin[2668:507] servermgr_dirserv: Did not receive slapd startup notificaton
> 2013-11-12 16:19:48.237 serveradmin[2668:507] servermgr_dirserv: binding to ourselves
> 2013-11-12 16:19:48.565 serveradmin[2668:507] servermgr_dirserv: an error occurred when starting the Directory Server: Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)
> dirserv:error = "Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)\n"
> mini:~ ladmin$
Source of others with this issue: https://discussions.apple.com/thread/2619056?start=15&tstart=0

I was really impressed by the upgrade of Mac OS 10.6 server to 10.9 and it worked without any problem… until the moment I renewed that certificate.

Thanks all for your useful help!

Alexis


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      ([hidden email])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/macos-x-server/lists%2Bs10970n2h62%40n7.nabble.com

This email sent to [hidden email]
RE: Replace SSL-cert Open Directory

RICE, THOMAS
> Hi all,
>
> I had a Mac OS 10.9 server that had an expired self-signed certificate.
>
> What I did: I renewed the expired self-signed cert using the Server.app and deleted the expired one.
> The problem: Apparently, my OD Master is configured with that expired cert and is not starting up at system launch, nor manually.
> Error message:
> > 2013-11-12 16:19:18.137 serveradmin[2668:507] servermgr_dirserv: received request to start the Directory Server
> > 2013-11-12 16:19:18.167 serveradmin[2668:507] servermgr_dirserv: starting Directory Server deamons
> > 2013-11-12 16:19:48.189 serveradmin[2668:507] servermgr_dirserv: Did not receive slapd startup notificaton
> > 2013-11-12 16:19:48.237 serveradmin[2668:507] servermgr_dirserv: binding to ourselves
> > 2013-11-12 16:19:48.565 serveradmin[2668:507] servermgr_dirserv: an error occurred when starting the Directory Server: Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)
> > dirserv:error = "Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)\n"
> > mini:~ ladmin$
> Source of others with this issue: https://discussions.apple.com/thread/2619056?start=15&tstart=0
>
> I was really impressed by the upgrade of Mac OS 10.6 server to 10.9 and it worked without any problem… until the moment I renewed that certificate.
>
> Thanks all for your useful help!

I haven't done it past a 10.6 machine and never with a self-signed cert, but the one thing in common with all versions of server that I used thus far is that deleting the cert through the admin tools isn't all that effective. It still exists on the system, meaning the new one never gets fully trusted. I've always had to go into Keychain, after using the server tools, and delete any references to it there first and then add it back, trusting it as necessary. Something to check at any rate.

tom
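
The check suggested in the reply above, as an added example that is not part of either post: a shell script that lists every certificate in the System keychain whose common name matches the server's, with SHA-1 fingerprint and expiry, so an expired copy left behind after a Server.app renewal shows up. The function names, the default keychain path and the placeholder hostname are assumptions of the example; `security find-certificate` and `openssl x509` are the stock macOS tools.

```shell
#!/bin/bash
# Added example: show every certificate in a keychain that matches a name,
# so expired copies left behind by a renewal are visible.
# Assumption: the server certificate lives in the System keychain.
KEYCHAIN="${KEYCHAIN:-/Library/Keychains/System.keychain}"

# Split a PEM bundle read from stdin into one file per certificate in
# directory $1, then print how many certificates were written.
split_pem() {
    awk -v dir="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside { print > file }
        /-----END CERTIFICATE-----/ { inside = 0; close(file) }
        END { print n + 0 }
    '
}

# Print state, SHA-1 fingerprint and expiry date for one PEM file.
describe_cert() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2)
    end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    # -checkend 0 exits non-zero once the certificate has expired
    if openssl x509 -in "$1" -noout -checkend 0 >/dev/null; then
        state="valid  "
    else
        state="EXPIRED"
    fi
    printf '%s  %s  notAfter=%s\n' "$state" "$fp" "$end"
}

# List all certificates whose common name contains $1.
audit_keychain_certs() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/certaudit.XXXXXX") || return 1
    # -a: all matches, -c: common-name substring, -p: PEM output
    count=$(security find-certificate -a -c "$1" -p "$KEYCHAIN" | split_pem "$tmp")
    echo "$count certificate(s) matching '$1' in $KEYCHAIN"
    for pem in "$tmp"/cert-*.pem; do
        if [ -e "$pem" ]; then describe_cert "$pem"; fi
    done
    rm -rf "$tmp"
}

# Usage: ./audit-certs.sh server.example.com   (hostname is a placeholder)
if [ -n "${1:-}" ]; then
    audit_keychain_certs "$1"
fi
```

More than one line for the same name, with one of them marked EXPIRED, is the leftover-certificate situation the reply describes.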


