[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help SSL on Openldap and java

To: openldap-technical@openldap.org
Subject: Re: help SSL on Openldap and java
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Thu, 10 Jun 2010 12:25:10 +0200
In-reply-to: <AANLkTin7qqc1CzFNbQbVYAqsJEzGueJYXFsumB8cLsvY@mail.gmail.com> (s. g.'s message of "Wed, 9 Jun 2010 16:29:43 -0700")
References: <AANLkTimZNjiNu7i8CIWzrTM6LtDxntsOwcOfTG38CvW5@mail.gmail.com> <AANLkTikndSZJAaC9Ha8vhLsDjBtIr0D5oEuEkOyy-Iz1@mail.gmail.com> <AANLkTin7qqc1CzFNbQbVYAqsJEzGueJYXFsumB8cLsvY@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b29 (linux)

s g <sirisha.kmb@gmail.com> writes:

> Thanks for replying. I was a bit occupied, so I could not back soon. Going by your mail, I went through
> the certificate generation process again. What I found is that for some reason, the cacert.pem file
> (which is the certificate for the CA) shows the following -
>  X509v3 extensions:
>             X509v3 Basic Constraints:
>                 CA:FALSE
> I am attaching the steps I followed and the certificate files generated as per the tutorial
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#4.2.

Did you read the note on top of this paper?
>
> Shouldn't the above field be CA:true? Also, how do I make sure that the flag that you mentioned below
> gets set to "SSL server".

edit openssl.cnf accordingly, or use tinyCA to create a certificate
chain
http://tinyca.sm-zone.net/index.html

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6

References:
- Re: help SSL on Openldap and java
  - From: s g <sirisha.kmb@gmail.com>

Prev by Date: TLS Connection Failure
Next by Date: Re: Communicate from php/apache to openLDAP over LDAPS
Index(es):
- Chronological
- Thread