Re: TLS server side auth problem
On 2 September 2003, peter pan <lanwanhr@yahoo.com> wrote:
>
> I still haven't made any progress on this. No one
> replied to my post below; is this because:
>
> - no one knows
> - my post is not appropriate in some way
> - I'm a berk for not spotting something obvious :)
>
> I can't move forward with our LDAP rollout until this
> is resolved - does anyone have any suggestions?
>
> Pete.
>
> --- peter pan <lanwanhr@yahoo.com> wrote:
[...]
> > If I put the serverkey and servercert in the .ldaprc
> > file (I know this is for the client certs but as a
> > test..) then ldapsearch -ZZ -x -h <FQDN> works. If I
> > take them out of .ldaprc it fails:
> >
> > [root@test root]# ldapsearch -ZZ -x -H ldap://test.mydomain.com
> > ldap_start_tls: Connect error
> > additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
[...]
According to "man 5 ldap.conf":
: Some options are user-only. Such options are ignored if
: present in the ldap.conf (or file specified by LDAPCONF).
[...]
: TLS_CERT <filename>
: Specifies the file that contains the client certificate.
: This is a user-only option.
^^^^^^^^^^^^^^^^^^^^^^^^^^
: TLS_KEY <filename>
: Specifies the file that contains the private key that
: matches the certificate stored in the TLS_CERT file.
: Currently, the private key must not be protected with a
: password, so it is of critical importance that the key
: file is protected carefully.
: This is a user-only option.
^^^^^^^^^^^^^^^^^^^^^^^^^^
Regards,
Liviu Daia
--
Dr. Liviu Daia e-mail: Liviu.Daia@imar.ro
Institute of Mathematics web page: http://www.imar.ro/~daia
of the Romanian Academy PGP key: http://www.imar.ro/~daia/daia.asc
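An added example, not part of the thread or of OpenLDAP itself: a small POSIX sh check for the two points Liviu quotes from ldap.conf(5). It flags TLS_CERT and TLS_KEY when they appear in a system-wide ldap.conf (where they are silently ignored, which is what leaves the client without a certificate to present) and verifies that the unencrypted key file is not readable by group or others. All file paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. TLS_CERT and TLS_KEY are
# user-only options in ldap.conf(5): set in the system-wide ldap.conf they
# are ignored, and the client never presents a certificate during STARTTLS.
# File paths are assumptions.

# check_ldap_conf FILE: print every user-only TLS option found in FILE and
# return 1 if any were found, 0 if the file is clean.
check_ldap_conf() {
    conf="$1"
    found=0
    # A here-document (not a pipe) keeps the loop in the current shell, so
    # the assignment to $found survives in POSIX sh. Comments are stripped.
    while read -r key value; do
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case "$key" in
            TLS_CERT|TLS_KEY)
                echo "$conf: '$key $value' is user-only and is ignored here;" \
                     "put it in ~/.ldaprc of the user running ldapsearch"
                found=1
                ;;
        esac
    done <<EOF
$(sed -e 's/#.*//' "$conf")
EOF
    return "$found"
}

# check_key_perms FILE: the man page notes the key cannot be password
# protected, so the file itself must be unreadable by group and others.
# Returns 1 if FILE grants any permission bit beyond the owner's.
check_key_perms() {
    # Characters 5-10 of `ls -l` output are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    case "$perms" in
        *[rwx]*)
            echo "$1: key readable by group/others ($perms); chmod 0600 it"
            return 1
            ;;
    esac
    return 0
}
```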