
trouble configure TLS in LDAP
Hi @all,

I've some trouble running TLS with LDAP:

At first I created on my Linux LDAP-Server a Certificate Authority with
CA.pl -newca
with the certification cacert.pem
The result of a check with 'CA.pl -verify cacert.pem' is 'OK'

After that I created a server certificate for my LDAP-Server with
CA.pl -newcert     -> newreq.pem
and signed it with the Certificate Authority
CA.pl -signcert    -> newcert.pem
The result of a check with 'CA.pl -verify newcert.pem' is 'OK'

In a 3rd step I deleted the password in newreq.pem with
openssl rsa -in newreq.pem -out ldapkey.pem
Here is the first error when I try a check with
'CA.pl -verify ldapkey.pem' it says:
'unable to load certificate
18032:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE'

I made a chmod 777 on the keys, no influence. Has anyone an idea what I'm
doing wrong?

I also changed my slapd.conf with the entries:
TLSCertificateFile    /etc/openldap/newcert.pem
TLSCertificateKeyFile /etc/openldap/ldapkey.pem
TLSCACertificateFile /etc/openldap/cacert.pem

After restarting slapd a 'openssl s_client -connect localhost:389 -showcerts' 
results in:
'CONNECTED(00000003)
18034:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:'

Any help would be appreciated,
does someone know a good link for a 'cookbook' for TLS with LDAP?

Thanks in advance,
Thomas
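As an added example (not part of Thomas's post and not from the OpenLDAP project), the same steps with plain openssl commands, followed by a check of each artifact with the tool meant for it: `openssl verify` for certificates only, `openssl rsa -check` for the private key, and a public-key comparison to confirm the key belongs to the certificate. The CA name, host name and temporary directory are made up for the example.

```shell
#!/bin/sh
# Added example: build a small CA, issue a server certificate, and verify
# each file with the appropriate openssl tool. Names are constructed.
set -eu

# make_pki DIR: CA key/cert, passphrase-less server key, CSR, signed cert.
make_pki() {
    dir="$1"
    # CA: self-signed certificate; its key is used only for signing
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/ca.key" -out "$dir/cacert.pem" \
        -subj "/CN=Test CA" >/dev/null 2>&1
    # server key without passphrase (-nodes): slapd cannot prompt for one
    openssl req -newkey rsa:2048 -nodes \
        -keyout "$dir/ldapkey.pem" -out "$dir/newreq.pem" \
        -subj "/CN=ldap.example.test" >/dev/null 2>&1
    # sign the CSR with the CA -> server certificate
    openssl x509 -req -days 365 -in "$dir/newreq.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/newcert.pem" >/dev/null 2>&1
}

# cert_ok DIR: the server certificate chains to the CA. openssl verify
# reads certificates only; fed a key file it reports "no start line".
cert_ok() {
    openssl verify -CAfile "$1/cacert.pem" "$1/newcert.pem" >/dev/null 2>&1
}

# key_ok DIR: the private key parses and is internally consistent.
key_ok() {
    openssl rsa -in "$1/ldapkey.pem" -check -noout >/dev/null 2>&1
}

# key_matches_cert DIR: public key in the cert equals the key's public half.
# A mismatch between TLSCertificateFile and TLSCertificateKeyFile is a
# common reason slapd fails the TLS handshake.
key_matches_cert() {
    c=$(openssl x509 -in "$1/newcert.pem" -pubkey -noout)
    k=$(openssl pkey -in "$1/ldapkey.pem" -pubout)
    [ "$c" = "$k" ]
}

# check_pki DIR: run all checks, then print the matching slapd.conf lines.
check_pki() {
    cert_ok "$1" && key_ok "$1" && key_matches_cert "$1" || return 1
    printf 'TLSCACertificateFile  %s/cacert.pem\n' "$1"
    printf 'TLSCertificateFile    %s/newcert.pem\n' "$1"
    printf 'TLSCertificateKeyFile %s/ldapkey.pem\n' "$1"
}

demo=$(mktemp -d)
make_pki "$demo" && check_pki "$demo"
```

For the handshake test, port 389 speaks plain LDAP until the client sends StartTLS, so a bare `openssl s_client -connect host:389` is expected to fail; OpenSSL 1.1.1 and later can test it with `openssl s_client -starttls ldap -connect host:389`, while `-connect host:636` works directly against an ldaps listener.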