[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Cant make my ldap work with ssl...

Eloy Calzado wrote:
Hello all,
Sorry for posting another SSL/TLS problem. I've tried and tried to solve this problem myself, but I can't find the solution...
I have OpenLDAP 2.1.26-1 in a debian machine.
ldap works fine in normal mode (port 389) but i cann't make it work in ssl/tls mode.
I have created the certificates following the manual
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html (this one and others before)
entering my fqdn in "common name". I have created certs many times, always getting the same results. I have configured all the files, but I always get the same errors...
TLSCACertificateFile /var/lib/ldap-data/cacert.pem
TLSCertificateFile /var/lib/ldap-data/servercrt.pem
TLSCertificateKeyFile /var/lib/ldap-data/serverkey.pem
TLSVerifyClient demand
#TLSVerifyClient never

Just a guess but try appending ":RSA" to the TLSCipherSuite line.

Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956