Do you have Ethereal or some other sniffer? If that sees the traffic as invalid LDAP traffic or can decode it, then your data is covered by SSL...
-----Original Message-----
From: Susanne Benkert [mailto:benkerts@emt.iis.fhg.de]
Sent: Friday, November 30, 2001 10:28 AM
To: Stig Venaas
Cc: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP with tsl/ssl
Thank you for your fast reply.
Stig Venaas wrote:
> > I have already tried this on the LDAP-Server itself: ldapsearch -ZZ -d
> > 127 "cn=*" - but it seems that only parts of the traffic are encrypted.
>
> What you see in clear text is perhaps just the server certificate?
I don't think so, because I can read my LDAP-entries in cleartext in the
debug output. But there is no error message which shows that something
with TLS went wrong. *?*
> I did as follows:
>
> I created my own certificate for CA and then created a certificate
> for the LDAP server where CN in the certificate is the same as the
> FQDN of the LDAP server (ldap.testfirma.de or something). See how
> at http://www.raphinou.com/ldaps/LDAP-SSL.HOWTO
I did nearly the same.
But I have (a quite stupid) question: What does the "FQDN" of the
server mean? My server-root (base) of the LDAP directory is
"ou=abteilung,ou=institut,o=organisation,c=de" and my server is "host04".
Is the FQDN in this case "host04.abteilung.institut,organisation,de"? I
only used "host04" as Common Name in the certificate. Could this be my
mistake?
Have a nice day.
Susanne
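An added check, not code from this thread or from OpenLDAP, illustrating the distinction the question turns on: the FQDN is the DNS host name the client connects to (for example ldap.testfirma.de), not the directory's base DN, and the certificate's CN has to match that host name. The matching rules used here (exact or single leftmost-label wildcard, case-insensitive) follow RFC 2818 and are an assumption about the client's behaviour; the host names are constructed.

```python
"""Check whether a certificate Common Name is acceptable for a DNS host name.

Constructed example, not the OpenLDAP client's own code. It applies the
RFC 2818-style rules most TLS clients use: the CN must be a DNS name that
matches the host the client connected to, case-insensitively, with at most
one wildcard in the leftmost label. An LDAP DN is never a valid host name.
"""
import re

# One DNS label: letters, digits and hyphens, not starting or ending with '-'.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_dns_name(name: str) -> bool:
    """True if *name* is syntactically a DNS host name (so not an LDAP DN)."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return all(_LABEL.match(lab) for lab in labels)


def cn_matches_host(cert_cn: str, connect_host: str) -> bool:
    """Does the certificate CN identify the host the client connected to?"""
    if not is_dns_name(connect_host):
        return False
    cn = cert_cn.lower().rstrip(".")
    host = connect_host.lower().rstrip(".")
    if cn == host:
        return True
    # A wildcard is allowed only as the whole leftmost label ("*.testfirma.de");
    # it matches exactly one label and never the bare parent domain.
    if cn.startswith("*.") and is_dns_name(cn[2:]):
        host_labels = host.split(".")
        return len(host_labels) > 1 and ".".join(host_labels[1:]) == cn[2:]
    return False


if __name__ == "__main__":
    # The situation in the thread: a bare short name as CN, full name used to connect.
    print(cn_matches_host("host04", "host04.testfirma.de"))       # False
    print(cn_matches_host("ldap.testfirma.de", "ldap.testfirma.de"))  # True
    print(is_dns_name("host04.abteilung.institut,organisation,de"))   # False
```

The host name compared is whatever the client was told to connect to, so a CN of "host04" only matches when the client is pointed at the bare name "host04" rather than its fully qualified form.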