[Date Prev][Date Next]
Re: Solaris 10 native Client with TLS to OpenLDAP
Am Mittwoch, den 08.10.2008, 08:08 +0200 schrieb John Gee:
> Thanks for your reply Dieter.
> On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
> > John Gee <firstname.lastname@example.org> writes:
> > > -( solaris 10 - client )----
> > >
> > > # list cert-db
> > > certutil -L -d /var/ldap
> > > ca-cert CT,,
> > > ldap02.kleinfeld.ch C,,
> > > ldap01.kleinfeld.ch C,,
> > The server presents the server certificate (ldap01.kleinfeld.ch),
> > the ldap client presents the CA but the server expects a client
> > certificate. Change slapd.conf not to verfiy a client certificate.
I just had to switch to my Solaris box in order to test ldapclient. I'am
referring to your initial mail now.
with certutil you created a cerficate database which includes the server
certificates, these are presented to the ldap server as client
certificates. Remove this server certificates from the repository and
just leave the ca-cert in order to verify the server certificate. This
setup I just tested successfully on my Solaris box.