
setting up TLS Openldap



Hi,
I have a main problem getting openldap 2.0.14 running. I will describe
it.
My system is FreeBSD-4.4-RELEASE. I installed the openldap2 port with
these configure flags:
------------------------------
CONFIGURE_ARGS= --localstatedir=/var/db \
                --with-threads \
                --enable-shared \
                --enable-dnssrv \
                --with-tls=openssl
------------------------------
Next I edited CA.pl and pasted in the -nodes option to generate a
certificate without a passphrase.
Then I ran the following commands.
---------------
CA.pl -newca
CA.pl -newreq
CA.pl -signreq
mv newreq.pem ldapkey.pem
chmod 0600 ldapkey.pem
mv newcert.pem ldapcert.pem
-----------------
And added the following options to my slapd.conf
------------------
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/ldapcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ldapkey.pem
TLSCACertificateFile /usr/local/etc/openldap/demoCA/cacert.pem
------------------
If I now run "slapd -d 5 -h ldaps://0.0.0.0 ldap://0.0.0.0" and try to
connect through SSL, I get the following error message
-----------------------------
slapd startup: initiated.
slapd starting
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10)
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate /usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s3_pkt.c:964

connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10
-----------------------------
Refer to http://www.bolthole.com/solaris/LDAP.html

Netscape Error 0xFFFFFF or something


What am I doing wrong ...?
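As an added example (not part of the original post or of OpenLDAP), the script below rebuilds the poster's certificate setup with plain openssl commands in a scratch directory and then runs the checks a TLS client performs before it answers with the "bad certificate" alert seen in the trace above: does the server certificate chain to a CA the client trusts, does its name match the host, and do TLSCertificateFile and TLSCertificateKeyFile actually belong together. It assumes openssl(1) is installed; the CA name and the hostname are placeholders.

```shell
#!/bin/sh
# Added example: reproduce the CA.pl steps with openssl(1), then run the checks
# a TLS client makes before it would send a "bad certificate" alert.
# Assumptions: openssl is on PATH; CA name and hostname are placeholders.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# 1. Throwaway CA, the equivalent of "CA.pl -newca" (constructed test data).
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout cakey.pem -out cacert.pem 2>/dev/null
# 2. Server key + request, then sign with the CA ("CA.pl -newreq" / "-signreq").
openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout ldapkey.pem -out newreq.pem 2>/dev/null
openssl x509 -req -in newreq.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial \
    -days 30 -out ldapcert.pem 2>/dev/null
chmod 0600 ldapkey.pem
# 3. An unrelated CA standing in for a client that does not trust ours.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated CA" \
    -keyout otherkey.pem -out othercacert.pem 2>/dev/null

# Does the server certificate chain to the CA file the client trusts?
chain_ok() {        # $1 = CA file, $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
# Does the certificate name match the host the client connected to?
host_ok() {         # $1 = CA file, $2 = server certificate, $3 = hostname
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
# Do the certificate and the private key belong together (same RSA modulus)?
key_matches() {     # $1 = certificate, $2 = private key
    [ "$(openssl x509 -noout -modulus -in "$1")" = \
      "$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)" ]
}

# Summary a practitioner can read at a glance.
chain_ok cacert.pem ldapcert.pem && echo "chain: ok (trusted CA)" || echo "chain: FAIL"
chain_ok othercacert.pem ldapcert.pem && echo "chain: ok" \
    || echo "chain: FAIL against untrusted CA (expected: this is the client's view)"
host_ok cacert.pem ldapcert.pem ldap.example.test && echo "hostname: ok" || echo "hostname: FAIL"
key_matches ldapcert.pem ldapkey.pem && echo "key: matches cert" || echo "key: MISMATCH"
```

Run the same three functions against the real cacert.pem, ldapcert.pem and ldapkey.pem from slapd.conf, using the hostname the client actually connects to.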