
Antw: Re: OpenLDAP self-signed certificates issue



>>> Vijay Ganesan <vijay@thoughtspot.com> wrote on 08.09.2014 at 03:45 in
message
<CAB+CZKA5UqdD2DqEERwMfHxyaB9hVGLyFZiSxDmxj3NuYpw_xw@mail.gmail.com>:
> Note the in generating the self-signed certificate I use "localhost" as the
> common name.

Why do you need to prove the identity of localhost? Did you understand what PKI is all about?

> 
> On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan <vijay@thoughtspot.com> wrote:
> 
>>
>> For SSL, I'm trying to install a self-signed certificate to OpenLDAP
>> (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
>> 1. Created server certificate using:
>> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout
>> server.pem -days 365
>> 2. Added following entries to /usr/share/slapd/slapd.conf:
>> TLSCACertificateFile server.pem
>> TLSCertificateFile server.pem
>> TLSCertificateKeyFile server.pem
>> 3. Restarted openldap:
>> sudo /etc/init.d/slapd restart
>> 4. Tried to read the certs:
>> openssl s_client -connect localhost:636 -showcerts
>> This causes the following error:
>> CONNECTED(00000003)
>> 140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
>> failure:s23_lib.c:177:
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 213 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>>
>> Can someone help with what might be wrong in the setup?
>>
>> Thanks
>>
>> --
>> - Vijay
>>
> 
> -- 
> - Vijay
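The procedure quoted above (generate a self-signed certificate, point slapd at it, probe port 636 with s_client) leaves a few things unchecked before slapd is restarted: whether the certificate actually names the host clients will connect to, whether the private key matches the certificate, and whether the file that will serve as TLSCACertificateFile validates the server certificate at all. The following shell script is an added example, not code from the thread or from the OpenLDAP project. It keeps the key and the certificate in separate files, uses a 2048-bit key, sets a subjectAltName for the real host name instead of localhost, restricts key permissions, and then inspects the result. The host name "ldap.example.test" is an assumed placeholder; the -addext option requires OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): create a self-signed
# server certificate for slapd and verify what was produced before using it.
set -eu

# make_server_cert DIR HOST
# Writes DIR/server.key and DIR/server.crt for HOST (the name clients use).
make_server_cert() {
    dir=$1; host=$2
    mkdir -p "$dir"
    # -subj/-addext avoid interactive prompts; key and cert go to separate files.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/server.key" -out "$dir/server.crt" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
    chmod 600 "$dir/server.key"   # private key must not be world-readable
}

# cert_cn CERT -> prints the subject common name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/.*CN=//'
}

# cert_san CERT -> prints the subjectAltName line, e.g. "DNS:ldap.example.test"
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | sed -n '/Subject Alternative Name/{n;s/ //g;p;}'
}

# cert_selfverify CERT -> "ok" if the certificate validates against itself,
# which is what a self-signed cert used as its own TLSCACertificateFile needs.
cert_selfverify() {
    if openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# key_matches_cert KEY CERT -> "match" if the public keys agree; a mismatch
# between TLSCertificateKeyFile and TLSCertificateFile is a common silent failure.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey)
    if [ "$k" = "$c" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Usage (after sourcing this file):
#   make_server_cert ./ldap-tls ldap.example.test
#   cert_cn ./ldap-tls/server.crt; cert_san ./ldap-tls/server.crt
#   cert_selfverify ./ldap-tls/server.crt
#   key_matches_cert ./ldap-tls/server.key ./ldap-tls/server.crt
```

With the files produced this way, slapd would be pointed at server.crt for TLSCACertificateFile and TLSCertificateFile and at server.key for TLSCertificateKeyFile, and a client that probes the server passes the same server.crt as its trust anchor (openssl s_client -CAfile server.crt -servername ldap.example.test) rather than relying on a certificate issued to localhost.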