[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS: private key mismatch Error (or problem)

Peter Marschall wrote:


On Saturday 02 July 2005 01:41, Alvaro Poole wrote:

Hi, I´m having problems configuring Openldap with TLS/SSL. First of
all, I´m trying to put a server certificate, so I create a certificate
with OpenSSL with the next line:

openssl req -newkey rsa:1024 -x509 -nodes -out ldapcert.pem -keyout
ldapcert.pem -days 365

After this, I configured my slapd.conf with the next lines (but
before, I copied ldapcert.pem to slapd.conf directory):

TLSCACertificateFile ldapcert.pem
TLSCertificadteFile ldapcert.pem
TLSCertificateKeyFile ldapcert.pem

Apart from the typo that Samuel Tra already reported, it may be a problem that you use the CA certificate as the server certificate.
IIRC OpenLDPA requires the server certificate to be different from the CA certificate.
The OpenLDAP FAQ gives more details about how to use TLS/SSL with OpenLDAP:



Also note that when you create certificate, you have to use the FQDN as Common name,
for the server you are going to run OpenLDAP on.

For details refer to http://www.proscrutiny.com/howtos/OpenLDAP.html
Read section "Configuring OpenLDAP with ssl/tls"


Sameer N. Ingole
Better to light one candle than to curse the darkness.