[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSL/TLS - Help Please


I'm trying to make SSL/TLS connections with my LDAP server but i'm having difficulties. I follow the OpenLDAP SSL/TLS How-To.
I'm using Openldap v.2.1.22 and openSSL 0.9.7b

My server and client is on the same machine.

[miguel@estagio]# hostname -f

[miguel@estagio]# ping estagio
>PING estagio ( 56(84) bytes of data.
>64 bytes from estagio ( icmp_seq=1 ttl=64 time=0.094 ms

The Common Name(in certs) for client, server and CA is the same: estagio

I start my server with this command line: /usr/local/libexec/slapd -d9 -h "ldap:/// ldaps:///"

here is my slapd.conf:
#TLSVerifyClient try (depending in what i want, sometimes i put: demand or never)
TLSCACertificateFile /var/myca/cacert.pem
TLSCertificateFile /var/myca/servercrt.pem
TLSCertificateKeyFile /var/myca/serverkey.pem

My ldap.conf :
HOST estagio
PORT 636 TLS_CACERT /var/myca/estagio/cacert.pem

My .ldaprc (in my user's home)


                                         # client authentication
TLS_CERT /home/miguel/client.pem
TLS_KEY /home/miguel/client.key.pem

When i try this:
ldapsearch -x -D "cn=Manager,dc=uminho,dc=pt" '(objectclass=*)' -H ldaps://estagio -W

I got this error (in ldap server ):
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(13): TLS accept error error=-1 id=4, closing

and with this:
ldapsearch -x -D "cn=Manager,dc=uminho,dc=pt" '(objectclass=*)' -H ldaps://estagio -w "secret" -ZZ

i got the same error

I tried the testing commands (from the how to, and everything seams ok): openssl s_client -connect myserver.com:636 ...

Can anyone help? I'm forgeting something? I've read something about the environment variable LDAPNOINIT, is this necessary?

Best Regards