
Re: Can't get TLS working.



c0re <nr1c0re@gmail.com> writes:

> Sorry, forgot to mention that I've tested that certificates are OK.
>
> # starting slapd
>
> /usr/local/libexec/slapd -u ldap -d 1 -h ldaps:///
>
> # making test:
>
> openssl s_client -connect 127.0.0.1:636 -CAfile
> /usr/local/etc/openldap/ssl-client/root.crt -showcerts
>
> # output of test in openssl command:
[...]
> Certificate chain
>  0 s:/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
>   i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
> -----BEGIN CERTIFICATE-----
> <certificate>
> .....
> </certificate>
> -----END CERTIFICATE-----
>  1 s:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
>   i:/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
> -----BEGIN CERTIFICATE-----
> <certificate>
> .....
> </certificate>
> -----END CERTIFICATE-----
> ---
> Server certificate
> subject=/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
> issuer=/C=RU/ST=MSK/L=MSk/O=ORG/OU=IT/CN=ca.domain.com
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1811 bytes and written 462 bytes
> ---
[...]
>    Verify return code: 0 (ok)
[...]

There are no errors in the certificate chain and the server cert has been
verified, so the certificate chain is OK. Please check all relevant
configuration files, that is /etc/openldap/ldap.conf, /etc/ldap.conf
and probably ~/.ldaprc, for any TLS configuration.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
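An added example, not part of the thread: a small POSIX shell script that repeats the openssl check from the quoted session as a function and then lists the uncommented TLS_* directives in the client configuration files Dieter names, so a stray TLS_CACERT or a lax TLS_REQCERT in one of them stands out. The host, port and CA path are assumptions taken from the quoted commands; the sample openssl output is constructed for offline use.

```shell
#!/bin/sh
# Added example (not from the thread). Checks an ldaps endpoint the way the
# quoted "openssl s_client" test does, then shows which TLS_* settings the
# OpenLDAP client libraries would pick up from their configuration files.

# Extract the numeric "Verify return code" from openssl s_client output on
# stdin. 0 means the chain verified against the CA file that was passed in.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Probe HOST:PORT with CAFILE and print the resulting verify code.
# Needs a live server; the assumed values mirror the thread's command.
probe_ldaps() {
    host=$1; port=$2; cafile=$3
    openssl s_client -connect "$host:$port" -CAfile "$cafile" -showcerts \
        </dev/null 2>/dev/null | verify_code
}

# Print every uncommented TLS_* directive found in the given files, prefixed
# with the file name. Watch for TLS_CACERT pointing at a different CA than
# the one used in the openssl test, and for TLS_REQCERT set to "never" or
# "allow", which hide chain problems instead of failing the bind.
list_tls_directives() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -i '^[[:space:]]*TLS_' "$f" | while IFS= read -r line; do
            printf '%s: %s\n' "$f" "$line"
        done
    done
}

# Constructed sample, trimmed from the quoted openssl session, so verify_code
# can be exercised without connecting anywhere.
SAMPLE_OUTPUT='Server certificate
subject=/C=RU/ST=MSK/L=MSK/O=ORG/OU=IT/CN=ldap.domain.com
---
    Verify return code: 0 (ok)
---'

if [ "$1" = "--check" ]; then
    # Assumed host, port and CA path, as in the quoted command.
    echo "openssl verify code: $(probe_ldaps 127.0.0.1 636 \
        /usr/local/etc/openldap/ssl-client/root.crt)"
    list_tls_directives /etc/openldap/ldap.conf /etc/ldap.conf "$HOME/.ldaprc"
fi
```

Run it with `--check` on the LDAP server host; a non-zero verify code or a TLS_CACERT pointing somewhere other than the CA file you tested with is the first thing to fix.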