Re: How do I check ssl/tls it's working
On Fri, 8 Aug 2003 at 4:45pm, cody wang wrote:
> I just added SSL/TLS option, and how do I check that is working.
> TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
> TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
Well, you have two ways....
1) run ldapsearch -d -1 -ZZ ... and check the output (you didn't say
   whether you are running 2.1 or 2.0 or (gods forbid) 1.x)
2) openssl s_client -connect HOST:636 -CAfile XXX -verify 5
      HOST is your LDAP server
      XXX is either the file with the CA that signed your server's
          certificate, or a bundle (like RedHat's ca-bundle.crt)
          that includes the CA that signed your server's cert.
Frank Swasey | http://www.uvm.edu/~fcs
Systems Programmer | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
=== God Bless Us All ===
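
Both checks in the reply depend on the three files from the quoted slapd.conf lines being consistent with each other. The script below is an added example, not part of the original message: it checks offline that a server certificate chains to the CA file and pairs with the private key. The helper names and the throwaway PKI it generates in a temp directory are constructed for the demonstration, and it assumes an openssl binary with its default configuration file.

```shell
#!/bin/sh
# Added example: offline pre-flight check of the three slapd TLS files.
# check_ldap_tls_files and make_sample_pki are hypothetical helper names.

# Usage: check_ldap_tls_files CAFILE CERTFILE KEYFILE
check_ldap_tls_files() {
    ca=$1; cert=$2; key=$3
    # Chain check: does CERTFILE verify against the CA in CAFILE?
    # (the same trust decision s_client makes with -CAfile)
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "chain: FAIL"; return 1
    fi
    # Pairing check: certificate and private key must share one public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key: MISMATCH"; return 2
    fi
    echo "ok"
}

# Constructed sample data: a one-day test CA, a server cert signed by it,
# and an unrelated key used to exercise the mismatch path.
make_sample_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$dir/serverkey.pem" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/servercrt.pem" 2>/dev/null
    openssl genrsa -out "$dir/otherkey.pem" 2048 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_pki "$tmp"
echo "matching set: $(check_ldap_tls_files \
    "$tmp/cacert.pem" "$tmp/servercrt.pem" "$tmp/serverkey.pem" || true)"
echo "wrong key:    $(check_ldap_tls_files \
    "$tmp/cacert.pem" "$tmp/servercrt.pem" "$tmp/otherkey.pem" || true)"
```

Against a real installation, call check_ldap_tls_files with the paths given for TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile, as a user who can read the key file.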