RE: SSL client certificate question and bdb_dn2id_matched question
This seems to be a common problem.
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of
> Tony Earnshaw
> Mon, 2003-01-13 at 15:01, Bradley Scutvick wrote:
> > I'm new to the exciting world of ldap, I just got SSL working but I
> > still haven't connected completely to the server.
> CA, public and private key paths into slapd.conf. Path to
> private key MUST be readable ONLY by server UID. Path to
> public key MAY be read by all. Path to CA cert MUST be
> readable by all.
> If you don't know how to make CA-signed certs, yet have
> Apache/mod_ssl, use those certs. Likewise FreeS/WAN, but then
> you know how to, with a vengeance :)
I've read the following advisory. You might tell me if this is right. If it
is, this is the answer for Bradley; if it is not, there might be an
answer for me:
I have created the key and the certificate (in one file) with:
openssl req -new -x509 -nodes -days 730 -out ldap.pem -keyout ldap.pem
And I am using this file in slapd.conf as "TLSCertificateFile",
"TLSCertificateKeyFile" and "TLSCACertificateFile".
And here is the problem:
I can query the LDAP server (ldapsearch) from the same host slapd is
running on. I can also reach it with the Java client "LDAP browser/editor"
from another host. However, I cannot reach it from another host using
"ldapsearch". The connection is being cancelled right after it is
The command line I am using to query (on both hosts):
ldapsearch -H ldaps://soma.loge-23.ilm/ -x -b "" -s base -d 255
There is a more complete description of the problem in a message I
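As an added example, not code from this thread or from the OpenLDAP project: the quoted advice above wants the private key readable only by the server UID and the certificate and CA cert readable by all, which a single combined file like the one generated in the post cannot satisfy. The script below generates the self-signed key and certificate into two separate files with the right modes and then checks the modes of whatever files slapd.conf points at. The file names, the subject CN and the 0600/0644 modes are assumptions for illustration; the generation step only runs if openssl is installed.

```shell
#!/bin/sh
# Added example (not from the original thread). Generates a self-signed
# key + cert as separate files and checks the file modes against the
# advice quoted in the thread. Paths and subject CN are assumptions.
set -u

# gen_selfsigned KEY CERT CN: key and self-signed cert into separate files.
gen_selfsigned() {
    openssl req -new -x509 -nodes -days 730 -subj "/CN=$3" \
        -keyout "$1" -out "$2" >/dev/null 2>&1 || return 1
    chmod 600 "$1"   # private key: server UID only
    chmod 644 "$2"   # certificate: world-readable, also usable as CA cert
}

# mode_of FILE: the nine permission characters, e.g. rw-------
# (parses ls -l so it works on both GNU and BSD userlands)
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# check_key_mode FILE: 0 if group and other have no access bits at all
check_key_mode() {
    m=$(mode_of "$1") || return 1
    case "$m" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# check_public_mode FILE: 0 if owner, group and other can all read it
check_public_mode() {
    m=$(mode_of "$1") || return 1
    case "$m" in
        r??r??r??) return 0 ;;
        *)         return 1 ;;
    esac
}

# check_tls_files KEY CERT CA: report each file, return 1 on any violation
check_tls_files() {
    rc=0
    if check_key_mode "$1"; then
        echo "ok:  $1 is readable by owner only"
    else
        echo "BAD: $1 is readable by group or other"; rc=1
    fi
    for f in "$2" "$3"; do
        if check_public_mode "$f"; then
            echo "ok:  $f is world-readable"
        else
            echo "BAD: $f is not world-readable"; rc=1
        fi
    done
    return $rc
}

# Usage: generate into a temp dir and check (assumed hostname from the post)
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    gen_selfsigned "$d/ldap-key.pem" "$d/ldap-cert.pem" soma.loge-23.ilm &&
        check_tls_files "$d/ldap-key.pem" "$d/ldap-cert.pem" "$d/ldap-cert.pem"
    rm -rf "$d"
fi
```

With two files, slapd.conf can point TLSCertificateKeyFile at the 0600 key and both TLSCertificateFile and TLSCACertificateFile at the 0644 certificate, which is the layout the quoted advice describes.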