Re: setting up TLS Openldap



Use the OpenSSL x509 command to verify your certificates, and the
OpenSSL s_client/s_server programs to test them (with and/or without
SLAPD).


On 17 Sep, Dennis Berger wrote:
> Hi,
> I have a main problem getting openldap 2.0.14 running. I will describe
> it.
> My System is FreeBSD-4.4-RELEASE. I installed the openldap2 port with
> these configure flags:
> ------------------------------
> CONFIGURE_ARGS= --localstatedir=/var/db \
>                 --with-threads \
>                 --enable-shared \
>                 --enable-dnssrv \
>                 --with-tls=openssl
> ------------------------------
> Next I edited the CA.pl and pasted in the -nodes option to generate a
> certificate without passphrase.
> Then I ran the following commands.
> ---------------
> CA.pl -newca
> CA.pl -newreq
> CA.pl -signreq
> mv newreq.pem ldapkey.pem
> chmod 0600 ldapkey.pem
> mv newcert.pem ldapcert.pem
> -----------------
> And add the following options in my slapd.conf
> ------------------
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCertificateFile /usr/local/etc/openldap/ldapcert.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/ldapkey.pem
> TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem
> ------------------
> If I now run "slapd -d 5 -h ldaps://0.0.0.0 ldap://0.0.0.0"; and try to
> connect through SSL I get the following error message
> -----------------------------
> slapd startup: initiated.
> slapd starting
> connection_get(10)
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(10)
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL3 alert read:fatal:bad certificate
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate
> /usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:964
> 
> connection_read(10): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
> -----------------------------
> refer http://www.bolthole.com/solaris/LDAP.html
> 
> Netscape Error 0xFFFFFF or something
> 
> 
> What am I doing wrong ... ?
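The trace above shows slapd reading a fatal "bad certificate" alert, i.e. the client side (Netscape) rejected the server's certificate during the handshake. The reply's advice is to check the certificate material with the OpenSSL command-line tools before blaming slapd. The following shell script is an added example and is not part of this thread or of OpenLDAP; it builds a throwaway CA and server certificate with plain openssl commands instead of CA.pl (the file names, the "Example Test CA" and "ldap.example.test" subjects, and the working directory are constructed for the example) and then runs the checks a practitioner would want: that the server certificate chains to the CA file, that the certificate and private key belong together, that the certificate has not expired, and finally a live s_client probe against a running ldaps listener.

```shell
#!/bin/sh
# Added example, not code from the thread: sanity-check an OpenLDAP TLS
# certificate set with the OpenSSL CLI. Requires the openssl binary.
set -e
WORK="${WORK:-$(mktemp -d)}"   # constructed scratch dir for the example

# Build a CA and a CA-signed server cert with no passphrase (-nodes), the same
# shape as the CA.pl -newca / -newreq / -signreq sequence from the thread.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/ldapkey.pem" -out "$WORK/ldapreq.pem" 2>/dev/null
    openssl x509 -req -in "$WORK/ldapreq.pem" -days 365 \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
        -out "$WORK/ldapcert.pem" 2>/dev/null
    # private keys must not be world-readable; slapd only needs owner access
    chmod 0600 "$WORK/ldapkey.pem" "$WORK/cakey.pem"
}

# Check 1: does the server cert chain to the CA file the client will trust?
# usage: verify_chain <cacert.pem> <servercert.pem>
# If this fails, a client that trusts only that CA will send exactly the
# "bad certificate" alert seen in the slapd trace.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check 2: do the certificate and the private key belong together?
# usage: key_matches_cert <cert.pem> <key.pem>
# Compares the RSA modulus of both; a mismatched pair (e.g. the CA key
# paired with the server cert) loads fine but breaks the handshake.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
    [ "$cert_mod" = "$key_mod" ]
}

# Check 3: has the certificate expired? -checkend 0 succeeds only when the
# notAfter date is still in the future.
cert_dates_ok() {
    openssl x509 -noout -in "$1" -checkend 0 >/dev/null 2>&1
}

# Check 4 (live, needs a running ldaps listener): handshake with s_client
# using the CA the client is expected to trust, and require a clean verify.
# usage: probe_ldaps <host> <port> <cacert.pem>
probe_ldaps() {
    host="$1"; port="${2:-636}"; cafile="$3"
    openssl s_client -connect "$host:$port" -CAfile "$cafile" </dev/null 2>/dev/null \
        | grep -q 'Verify return code: 0 (ok)'
}

# Run the offline checks and report; returns non-zero if any check fails.
run_offline_checks() {
    make_test_pki
    status=0
    verify_chain "$WORK/cacert.pem" "$WORK/ldapcert.pem" \
        && echo "chain: ok" || { echo "chain: FAIL"; status=1; }
    key_matches_cert "$WORK/ldapcert.pem" "$WORK/ldapkey.pem" \
        && echo "key/cert: ok" || { echo "key/cert: FAIL"; status=1; }
    cert_dates_ok "$WORK/ldapcert.pem" \
        && echo "validity: ok" || { echo "validity: FAIL"; status=1; }
    return $status
}
```

Point the same three offline checks at the real TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile paths from slapd.conf; if they pass and the live probe still fails, the CA file the client is configured to trust is the next thing to compare against the one slapd serves.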