
Re: How do I check ssl/tls it's working



On Fri, 8 Aug 2003 at 4:45pm, cody wang wrote:

> Hi,
> 
> I just added SSL/TLS option, and how do I check that it is working?
> 
> TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
> TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
> 

Well, you have two ways....

1) run ldapsearch -d -1 -ZZ ...  and check the output (you didn't say 
whether you are running 2.1 or 2.0 or (gods forbid) 1.x)

2) openssl s_client -connect HOST:636 -CAfile XXX -verify 5
	HOST is your LDAP server
	XXX is either the file with the CA that signed your server's
		certificate, or a bundle (like RedHat's ca-bundle.crt)
		that includes the CA that signed your server's cert.

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
                    === God Bless Us All ===
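
An added example, not part of the reply above: a shell helper that reads the output of the `openssl s_client` command from option 2 and extracts the `Verify return code`, because s_client completes the handshake and stays connected even when chain verification fails. The sample transcripts are constructed and trimmed, and HOST and CAFILE are placeholders.

```sh
#!/bin/sh
# Classify the output of: openssl s_client -connect HOST:636 -CAfile CAFILE -verify 5
# A successful connection alone proves nothing about the certificate chain;
# the "Verify return code" line is the result that has to be checked.

# Print the numeric verify code found in s_client output on stdin.
# Prints "none" when no such line exists (for example, no TLS handshake at all).
verify_code() {
    code=$(sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1)
    echo "${code:-none}"
}

# Succeed only when the server chain verified against the CA file (code 0).
tls_ok() {
    [ "$(verify_code)" = "0" ]
}

# Constructed sample: chain verifies against the supplied CA.
SAMPLE_OK='CONNECTED(00000003)
depth=1 CN = Example CA
verify return:1
depth=0 CN = ldap.example.com
verify return:1
---
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 0 (ok)
---'

# Constructed sample: handshake completes, but the CA file does not match.
SAMPLE_BAD='CONNECTED(00000003)
depth=0 CN = ldap.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
---
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 21 (unable to verify the first certificate)
---'

# Constructed sample: nothing is listening on the LDAPS port.
SAMPLE_REFUSED='connect: Connection refused
connect:errno=111'

# Live use (HOST and CAFILE are placeholders):
#   openssl s_client -connect HOST:636 -CAfile CAFILE -verify 5 </dev/null 2>&1 | tls_ok \
#       && echo "chain verified" || echo "NOT verified"
```

A result of "none" on port 636 usually means slapd is not listening on ldaps://; the `-ZZ` test in option 1 exercises StartTLS on the regular LDAP port instead.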