
389 Directory Server with SSL

Mo, 2011-06-20 14:34 -- mig

$assecdir = /etc/dirsrv/admin-serv, $secdir = /etc/dirsrv/slapd-localhost

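# Create the NSS token password (pwdfile.txt) and the key-generation seed
# (noise.txt) for the slapd instance. Both are secrets: pwdfile.txt unlocks the
# private keys created below, noise.txt seeds their generation.
#
# Abort if $secdir is unset — with it empty the redirections below would write
# the token password into the filesystem root.
: "${secdir:?secdir must point at the slapd instance NSS directory}"
# Make the new files owner-only instead of relying on the caller's umask; the
# password file is read by certutil/pk12util via -f/-w/-k and must not be
# world-readable.
umask 077
# Use the kernel CSPRNG instead of hashing `ps -ef`/`w` output: process and
# login listings are visible to every local user and largely predictable, so
# a password derived from them has far less entropy than its 40 hex digits suggest.
head -c 32 /dev/urandom | sha1sum | awk '{print $1}' > "$secdir/pwdfile.txt"
head -c 32 /dev/urandom | sha1sum | awk '{print $1}' > "$secdir/noise.txt"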
  1. key3.db / cert8.db
certutil -N -d $secdir -f $secdir/pwdfile.txt
certutil -G -d $secdir -z $secdir/noise.txt \
-f $secdir/pwdfile.txt
( echo y ; echo ; echo y ) | certutil -S -n \
"CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 \
-d $secdir -z $secdir/noise.txt -f $secdir/pwdfile.txt -2
certutil -L -d $secdir -n "CA certificate" -a \
> $secdir/cacert.asc
certutil -S -n "Server-Cert" \
 -s "cn=$myhost,ou=389 Directory Server" -c "CA certificate" \
-t "u,u,u" -m 1001 -v 120 -d $secdir -z $secdir/noise.txt \
-f $secdir/pwdfile.txt
certutil -S -n "server-cert" \
-s "cn=$myhost,ou=389 Administration Server" -c "CA certificate" \
-t "u,u,u" -m 1002 -v 120 -d $secdir -z $secdir/noise.txt \
-f $secdir/pwdfile.txt
pk12util -d $secdir -o $secdir/adminserver.p12 \
-n server-cert -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt
  1. pin
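# Wire the certificates into the two services:
#   - pin.txt in $secdir lets ns-slapd unlock its NSS token at startup
#     without prompting,
#   - the admin server's NSS DB ($assecdir) receives the exported server-cert
#     and the CA cert, plus a password.conf for mod_nss,
#   - ldapmodify turns SSL on in the Directory Server configuration.
#
# Requires: $secdir, $assecdir (NSS dirs), $ldapport (plain LDAP port used for
# the configuration change), and the files created by the previous steps.
: "${secdir:?}" "${assecdir:?}" "${ldapport:?}"

# "Internal (Software) Token:" is the token name ns-slapd looks up in pin.txt.
# The file holds the token password in clear text, so restrict it to its owner.
echo 'Internal (Software) Token:'$(cat "$secdir/pwdfile.txt") \
    > "$secdir/pin.txt"
chmod 600 "$secdir/pin.txt"

# Admin server NSS DB, protected by the same token password as the slapd one.
certutil -N -d "$assecdir" -f "$secdir/pwdfile.txt"

# Import the admin-server cert and key from the PKCS#12 bundle (-w is the
# bundle password, -k unlocks the target DB) and trust the CA for SSL.
pk12util -d "$assecdir" -n server-cert -i "$secdir/adminserver.p12" \
    -w "$secdir/pwdfile.txt" -k "$secdir/pwdfile.txt"
certutil -A -d "$assecdir" -n "CA certificate" -t "CT,," -a \
    -i "$secdir/cacert.asc"

# mod_nss password file: "internal:" is the token name it expects. Clear-text
# secret again, so owner-only.
echo 'internal:'$(cat "$secdir/pwdfile.txt") > "$assecdir/password.conf"
chmod 600 "$assecdir/password.conf"

# Point NSSPassPhraseDialog at the password file. Edit in place (GNU sed)
# rather than via a fixed path in /tmp: a predictable name in a world-writable
# directory can be pre-created or symlinked by another local user, and the
# mv would also drop nss.conf's original file mode. Stop if cd fails so the
# edit does not land in the wrong directory.
cd "$assecdir" || exit 1
sed -i -e "s@^NSSPassPhraseDialog .*@NSSPassPhraseDialog \
file:$(pwd)/password.conf@" nss.conf

# Enable SSL in the Directory Server. -W prompts for the Directory Manager
# password; the bind itself goes over the plain port on localhost.
#
# Cipher list: the NULL (no encryption), 40-bit and export-grade suites that
# the original list enabled are now explicitly disabled (-). rc4/md5/des
# suites are left as the author had them; review them against current
# requirements. nsSSL3 enables the SSLv3 protocol, and
# nsslapd-ssl-check-hostname: off disables hostname checking on outbound TLS
# connections (e.g. replication) — both are the author's choices, kept as is.
ldapmodify -x -h localhost -p "$ldapport" -D "cn=directory manager" -W <<EOF
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: allowed
-
add: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,-rsa_rc4_40_md5,-rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+fortezza,
 +fortezza_rc4_128_sha,-fortezza_null,-tls_rsa_export1024_with_rc4_56_sha,
 -tls_rsa_export1024_with_des_cbc_sha
 
dn: cn=config
changetype: modify
add: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-
replace: nsslapd-secureport
nsslapd-secureport: 636
 
dn: cn=RSA,cn=encryption,cn=config
changetype: add
objectclass: top
objectclass: nsEncryptionModule
cn: RSA
nsSSLPersonalitySSL: Server-Cert
nsSSLToken: internal (software)
nsSSLActivation: on
 
EOF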

certutil -L -d $assecdir 
Certificate Nickname                                 Trust Attributes
                                                     SSL,S/MIME,JAR/XPI
 
server-cert                                          u,u,u
CA certificate                                       CT,, 
certutil -K -d $assecdir/ -f $sec/pwdfile.txt
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1ae87c956dacc7660f54e5df4fc84f2d8dba9087   server-cert

certutil -L -d $secdir
Certificate Nickname                                 Trust Attributes
                                                     SSL,S/MIME,JAR/XPI
 
CA certificate                                       CTu,u,u
server-cert                                          u,u,u
Server-Cert                                          u,u,u
certutil -K -d $sec -f $sec/pwdfile.txt
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      d4f0455375123825d775398fabf47ebc72daacd9   (orphan)
< 1> rsa      bde07c7c5fa9daf52604d4a5010990257d0430e8   NSS Certificate DB:Server-Cert
< 2> rsa      1ae87c956dacc7660f54e5df4fc84f2d8dba9087   NSS Certificate DB:server-cert
< 3> rsa      dad82b3c03db5b3c632d7c329e4a9389ac2eaa1f   NSS Certificate DB:CA certificate