
Re: Openldap-2.4.35 TLS/SSL



Does the certificate CN match the server name?

Thanks


On Sat, Jun 29, 2013 at 12:31 AM, Darouichi, Aziz <adarouic@post03.curry.edu> wrote:

Hi,

I am trying to configure TLS/SSL and I have a cert from GeoTrust. I configured slapd.conf with the following:

# TLS/SSL information
# TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile   /opt/local/etc/openldap/GeoTrust_Global_CA.cer
TLSCertificateFile  /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile  /opt/local/etc/openldap/rhea.key.pem

But when I check the cert using "openssl s_client -connect 192.168.60.43:636 -CApath /opt/local/etc/openldap/" I get:

CONNECTED(00000003)
140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

I checked the log and I see TLS connection

--
http://linuxmantra.com