[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Enabling TLS problem on openldap2-2.3.39



--On Friday, November 16, 2007 5:01 PM -0800 "Keagle, Chuck" <chuck.keagle@boeing.com> wrote:

I'm configuring slapd to use TLS.  First I just want to make it work,
then I'll go into requiring encryption.

The system is SLES 9.3
The openldap2 is 2.3.39
Other certifictes are in /etc/ssl/certs as specified by default in
slapd.conf for openldap2 2.3.39.

The database is currently empty, just getting started.

Generated a self-signed x509 certificate
	cd /etc/openldap
	openssl genrsa 1024 >server.key
	chmod 0440 server.key
	chown root:ldap server.key
	openssl req -new -key server.key -x509 -days 100 -out server.crt
		Entered all the important stuff
	chmod 0444 server.crt

Checked certificate and it looked acceptable
	openssl x509 -text -in server.crt

Changed following lines in slapd.conf:
	TLSCertificateFile /etc/openldap/server.crt
	TLSCertificateKeyFile /etc/openldap/server.key


You failed to set the CA Cert directive in slapd.conf, so it has no way of presenting its CA cert.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration