[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS: private key mismatch Error (or problem)

Peter Marschall wrote:

On Saturday 02 July 2005 01:41, Alvaro Poole wrote:
Hi, I´m having problems configuring Openldap with TLS/SSL. First of
all, I´m trying to put a server certificate, so I create a certificate
with OpenSSL with the next line:

openssl req -newkey rsa:1024 -x509 -nodes -out ldapcert.pem -keyout
ldapcert.pem -days 365

After this, I configured my slapd.conf with the next lines (but
before, I copied ldapcert.pem to slapd.conf directory):

TLSCACertificateFile ldapcert.pem
TLSCertificadteFile ldapcert.pem
TLSCertificateKeyFile ldapcert.pem

Apart from the typo that Samuel Tra already reported, it may be a problem that you use the CA certificate as the server certificate.
IIRC OpenLDPA requires the server certificate to be different from the CA certificate.
We *recommend* it, as that is how X.509 is intended to be used. But it is not a *requirement* - there's nothing preventing you from using the CA cert as the server cert, as long as you create the certificate correctly and configure the server and clients correctly. However, in most cases doing so is foolish; it also makes certificate management much harder as soon as you have more than one server.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support