[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL problem - unsupported certificate

Subject: Re: TLS/SSL problem - unsupported certificate
From: Tony Earnshaw <tonni@hetnet.nl>
Date: Wed, 11 Apr 2007 05:36:25 +0200
Cc: openldap-software@openldap.org
In-reply-to: <b29e0c790704100820y315af7abo956846e47f10f637@mail.gmail.com>
References: <b29e0c790704100820y315af7abo956846e47f10f637@mail.gmail.com>
User-agent: Thunderbird 2.0.0.0 (X11/20070326)

Antonio Camacho wrote, on 10. apr 2007 17:20:

[...]

My slapd.conf configuration:
#
TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA
TLSCertificateFile /etc/openldap/cacerts/master.pem
TLSCertificateKeyFile /etc/openldap/cacerts/master- key.pem
TLSCACertificateFile /etc/openldap/cacerts/cacert.pem


Don't use this:

TLSVerifyClient demand
#

My ldap.conf configuration:
#
Base=mydomain
SIZELIMIT       0
TIMELIMIT       0
TLS_CACERT /etc/openldap/cacerts/cacert.pem


Don't use these:

TLS_CERT /etc/openldap/cacerts/master.pem
TLS_KEY  /etc/openldap/cacerts/master-key.pem
TLS_REQCERT demand

My .ldaprc configuration:


~/.ldaprc is redundant; scrap it.

#
TLS_CACERT /etc/openldap/cacerts/cacert.pem
TLS_CERT /etc/openldap/cacerts/master.pem
TLS_KEY  /etc/openldap/cacerts/master-key.pem
TLS_REQCERT demand


For the rest things look ok.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Follow-Ups:
- Re: TLS/SSL problem - unsupported certificate
  - From: Howard Chu <hyc@symas.com>

References:
- TLS/SSL problem - unsupported certificate
  - From: "Antonio Camacho" <antcam@gmail.com>

Prev by Date: UPDATE: slapo-ppolicy container question
Next by Date: Re: TLS/SSL problem - unsupported certificate
Index(es):
- Chronological
- Thread