IRC log for #openam, 2015-05-03

All times shown according to UTC.

Time Nick Message
01:48 ilbot3 joined #openam
01:48 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 12.0.0 is out! OpenAM 11.0.3 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
07:06 balo joined #openam
08:07 crabmeat joined #openam
08:52 aldaris joined #openam
10:23 ikonia hello all
10:23 ikonia aldaris: are you forgerock ? or just the owner of this channel
10:24 aldaris I work for forgerock, if that helps…
10:25 ikonia ahhh cool
10:25 ikonia the Bristol office ?
10:25 ikonia or London
10:27 aldaris brs
10:28 ikonia ahhh cool
10:29 ikonia while this channel is aimed at OpenAM - I'm setting up a DJ pair with SSL ready for an openam backend, done this quite a few times before, but I'm hitting an issue setting up replication,
10:29 ikonia would it be acceptable to ask about the DJ component here as it's related to OpenAM
10:34 aldaris sure, why not
10:34 ikonia cool
10:35 ikonia I'm using the OpenDJ 2.6.1-2 rpm from forgerock, set it up with a trusted keystore, all works well, I use the dsreplication option to try to setup replication, I get prompted for the server name, keystore location and keystore password
10:35 ikonia all this is fine - as normal
10:36 ikonia however it claims it can't talk to the admin port
10:36 ikonia I can telnet to the admin port so the physical connection is there
10:36 ikonia if I do "status" and use cn=Directory Manager the password works
10:36 ikonia if I use cn=Directory Manager in the replication it doesn't work
10:36 ikonia I haven't setup the admin user yet, as I've not done the base replication setup yet
10:36 ikonia what am I missing ? why is the auth failing ?
11:41 MegaMatt joined #openam
12:29 aldaris joined #openam
13:00 aldaris joined #openam
13:52 ikonia is there any way to verify why replication can't connect to the server to enable replication ?
13:52 MegaMatt log files?
13:53 ikonia where ?
13:53 ikonia it seems to be a user/auth type situation
13:53 MegaMatt Then it would say why it was denied
13:53 ikonia let me look, I may have missed it
13:55 aldaris joined #openam
13:58 ikonia it's something to do with the cert
13:58 ikonia [03/May/2015:13:58:14 +0000] DISCONNECT conn=2 reason="I/O Error" msg="An IO error occurred while reading a request from the client: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown"
13:59 ikonia the keystore it's using shows the cert though - so I don't know why "certificate unknown" is the error
14:00 MegaMatt I think it can throw that error if the chain isn’t intact
14:01 MegaMatt You might have the certificate, but not a full chain to a root cert
14:01 ikonia that would make sense, with the exception, the chain appears to be intact
14:01 ikonia (doesn't mean I'm correct)
14:01 ikonia I've got the cert and the root ca that signed it
14:07 ikonia wrong CA cert it would see
14:07 ikonia seem
14:07 ikonia thank you
14:08 MegaMatt np
17:58 aldaris joined #openam
18:39 MegaMatt Aldaris - you around today?
18:59 ikonia he was around earlier
18:59 MegaMatt yah, I saw, no worries ;)
19:29 ikonia would any of you be free to check my cert process
19:30 ikonia I've got confirmed working certs with openssl - I change them to a p12 keystore, export the p12 keystore into the jks keystore for opendj to use, but I'm still getting the certificate unknown issue
19:30 ikonia I've done this before without problem, so I can only think that I'm missing something that I've done before
19:31 ikonia certainly welcome a second pair of eyes, or just someone to check my process
20:42 aldaris joined #openam