
Re: Can't get TLS working.



I tried to test with ldapsearch, but it ignores ldap.conf somehow
(where the CA certificate is defined) and I always receive
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self
signed certificate in certificate chain)
Tried with ldapsearch -Z -d 1 -h ldap.domain.com


2010/9/16 Dieter Kluenter <dieter@dkluenter.de>:
> c0re <nr1c0re@gmail.com> writes:
>
>> # making clientkey
>> openssl genrsa -out client.key 2048
>> # making certificate request
>> openssl req -new -key client.key -out client.csr
>> # signing
>> openssl x509 -req -days 1024 -CA ../ssl/rootcrt.pem -CAkey
>> ../ssl/rootkey.pem -in client.csr -out client.crt -CAserial
>> ../ssl/root.seq
>>
>> # configuring on client
>> TLS_CACERT /usr/local/etc/openldap/ssl-client/rootcrt.pem
>> TLS_CERT /usr/local/etc/openldap/ssl-client/client.crt
>> and
>> TLS_KEY /usr/local/etc/openldap/ssl-client/client.key
>>
>> Trying again with slapd debug and client calling "id test"
>
> [...]
> As there are no obvious errors in the log, you should get TLS properly
> working prior to testing with PAM. Just do a ldapsearch or a
> ldapwhoami, either on URI ldaps:// or startTLS on ldap://
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> sip: 7770535@sipgate.de
> http://www.dpunkt.de/buecher/2104.html
> GPG Key ID:8EF7B6C6
>
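The verify error above means the server handed the client a chain whose root is not in the client's trust store, which is what happens when ldapsearch never picks up TLS_CACERT from ldap.conf. As an added example (not from this thread), the script below builds a constructed private CA and server certificate offline and shows the same OpenSSL verification failing with that exact error when the root is only present in the chain, and passing once the root is supplied as a trusted CA; all names and paths are assumptions.

```shell
#!/bin/sh
# Added example: reproduce "self signed certificate in certificate chain"
# offline and show the fix (trust the private root). Everything is constructed.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Constructed private CA, standing in for ../ssl/rootcrt.pem and rootkey.pem.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -keyout rootkey.pem -out rootcrt.pem \
  -subj "/CN=Example LDAP Root CA" >/dev/null 2>&1

# Constructed server certificate, signed by that CA with the same x509 -req
# flow the poster used for the client certificate.
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
  -subj "/CN=ldap.example.test" >/dev/null 2>&1
openssl x509 -req -days 30 -CA rootcrt.pem -CAkey rootkey.pem \
  -CAcreateserial -in server.csr -out server.crt >/dev/null 2>&1

# The server sends its own cert plus the root; the client does not trust the
# root. Passing the root as -untrusted models exactly that: verification
# returns error 19, "self signed certificate in certificate chain".
verify_with_ca_in_chain_only() {
  openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
}

# Same chain, but the root is now a trusted CA (what TLS_CACERT provides).
verify_with_trusted_ca() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

if verify_with_ca_in_chain_only server.crt rootcrt.pem; then
  echo "unexpected: untrusted root accepted"
else
  echo "as in the ldapsearch run: chain rejected without a trusted CA"
fi
verify_with_trusted_ca server.crt rootcrt.pem && echo "chain OK with -CAfile"

# If the client keeps ignoring ldap.conf, the same CA file can be handed to
# libldap through the environment (LDAPTLS_CACERT, or LDAPCONF pointing at a
# config file), e.g.:
#   LDAPTLS_CACERT=$PWD/rootcrt.pem ldapwhoami -ZZ -H ldap://ldap.example.test
```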