[Date Prev][Date Next]
RE: Enabling TLS problem on openldap2-2.3.39
--On November 19, 2007 10:36:36 AM -0800 "Keagle, Chuck"
Be default, the SLES 9.3 slapd.conf defines the CA Cert like this:
You didn't include that in your posted configuration, however. Always
provide all of the relevant details.
That directory has lots of pem files in it with x509 symbolic links:
ls -C /etc/ssl/certs
052eae11.0 6f5d9899.0 d4e39186.0 ICE-root.pem timCA.pem
18d46017.0 73912336.0 ddc328ff.0 ICE-user.pem tjhCA.pem
1e49180d.0 7651b327.0 dsa-ca.pem ICP-Brasil.pem vsign1.pem
1ef89214.0 8c401b31.0 dsa-pca.pem nortelCA.pem vsign2.pem
1f6c59cd.0 8caad35e.0 Equifax-root1.pem pca-cert.pem vsign3.pem
24867d38.0 91b8190d.0 expired RegTP-4R.pem vsignss.pem
2edf7016.0 a99c5886.0 f3e90025.0 RegTP-5R.pem vsigntca.pem
3ecf89a3.0 adbec561.0 f73e89fd.0 RegTP-6R.pem YaST-CA.pem
594f1775.0 b5f329fa.0 factory.pem rsa-cca.pem
69ea794f.0 c33a80d4.0 ICE-CA.pem thawteCb.pem
6bee6be3.0 ca-cert.pem ICE.crl thawteCp.pem
I think CA certs is set up correctly. Am I wrong about that?
As I recall, you said you used a self-signed cert. Is the CA cert that you
used to sign it in /etc/ssl/certs? Is there an X509 hash for it in
/etc/ssl/certs? If not, then no, it isn't set up correctly.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration