
Why does TLS always fail with OpenLDAP 2.4.11?



Hi,
 
I have to get help from here, because I have been struggling with the TLS configuration for weeks.

During those days I searched Google, including this list, and still can't get past it, my god.

Could anyone provide a step-by-step guide on how to configure the OpenLDAP TLS connection, so as to reduce our pain?
 
 
Here I expose the steps and try to get help from the senior LDAP engineers.
 
 
1. Installed OpenLDAP with --with-tls=openssl

I added the openssl option specifically to avoid using GnuTLS; sometimes OpenLDAP will go and find GnuTLS if the C header is there.

Installed and started slapd successfully.
 
 
2. Using ldapsearch -v -h 10.192.183.73 -b "dc=example,dc=com" -s base "objectclass=*"

I can get the listed information from the OpenLDAP server, that is OK.
 
 
3. Now go for certificate generation with the numerous guides on Google, but none of them passes for me.
 
3.1 cd /var/myca
    /usr/local/ssl/misc/CA.sh -newCA

Then it will generate demoCA, and cacert.pem is there, that is OK.
 
3.2 /usr/local/ssl/misc/CA.sh -newreq
    newkey.pem newreq.pem
    Note: I am using 10.192.183.73 as the common name, is there any issue here?
 
 
3.3 /usr/local/ssl/misc/CA.sh -sign
    Then you get newcert.pem.

Now copy them into /var/ldap, try to insert them into slapd, and restart:
 
TLSCipherSuite MEDIUM:+TLSv1+SSL3+SSL2
TLSCertificateFile /var/ldap/newcert.pem
TLSCertificateKeyFile /var/ldap/newkey.pem  (some guides said it should be newreq.pem)
TLSCACertificateFile /var/ldap/cacert.pem
 
 
4. FTP cacert.pem to the client and copy it into /var/myca.

Using s_client to test at first:
openssl s_client -connect 10.192.183.73:389 -showcerts -state -CAfile /var/myca/cacert.pem -tls1

You will always get the error:
 
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:failed in SSLv3 read server hello A
14719:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
 
 
Could any kind man give some help to save me?

--
Hunter
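The post lists the three slapd TLS directives and the CA.sh steps that feed them, but never checks the resulting files against each other. The script below is an added example, not part of Hunter's post and not OpenLDAP or OpenSSL code: it builds a throwaway CA and server certificate with plain `openssl` commands (so the CA.sh prompts are not needed) and then runs the offline checks that decide whether slapd will load the material and whether a client verifying against the CA will trust it. The CA name, the hostname `ldap.example.com`, the scratch paths and the function names are constructed for the demo; only the IP 10.192.183.73 is taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post and not OpenLDAP or OpenSSL code.
# It builds a throwaway CA and a server certificate the way the three slapd
# directives expect them, then checks the material offline. All names and
# paths here are constructed for the demo; only the IP 10.192.183.73 is
# taken from the post.

# make_test_material DIR IP: writes cacert.pem, newkey.pem and newcert.pem
# into DIR (plus scratch files); returns non-zero if any openssl step fails.
make_test_material() {
    dir="$1"; ip="$2"
    # CA private key and self-signed CA certificate; the extfile marks it as
    # a CA so that 'openssl verify' (and a client using -CAfile) accepts it.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/ca.key" 2>/dev/null || return 1
    openssl req -new -key "$dir/ca.key" -subj "/CN=Demo LDAP CA" \
        -out "$dir/ca.csr" 2>/dev/null || return 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -days 1 \
        -extfile "$dir/ca.ext" -out "$dir/cacert.pem" 2>/dev/null || return 1
    # Server key written unencrypted: slapd reads TLSCertificateKeyFile at
    # startup and cannot prompt for a passphrase.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/newkey.pem" 2>/dev/null || return 1
    openssl req -new -key "$dir/newkey.pem" -subj "/CN=ldap.example.com" \
        -out "$dir/newreq.pem" 2>/dev/null || return 1
    # The address clients connect to goes into subjectAltName; IP matching
    # looks only at SAN iPAddress entries, never at an IP placed in the CN.
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:ldap.example.com,IP:%s\n' "$ip" \
        > "$dir/server.ext"
    openssl x509 -req -in "$dir/newreq.pem" -CA "$dir/cacert.pem" -CAkey "$dir/ca.key" \
        -set_serial 1000 -days 1 -extfile "$dir/server.ext" \
        -out "$dir/newcert.pem" 2>/dev/null || return 1
}

# check_tls_material CA CERT KEY IP: returns 0 when the three files are
# consistent (what TLSCACertificateFile, TLSCertificateFile and
# TLSCertificateKeyFile need) and a client connecting to IP would trust the
# certificate; returns 1 and prints the reason otherwise.
check_tls_material() {
    ca="$1"; cert="$2"; key="$3"; ip="$4"
    # 1. slapd can only use a key that is not passphrase-protected.
    if grep -q ENCRYPTED "$key"; then
        echo "FAIL: $key is passphrase-protected; slapd needs an unencrypted key"
        return 1
    fi
    # 2. The certificate must have been issued for exactly this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert was not issued for the key in $key"
        return 1
    fi
    # 3. The certificate must chain to the CA file handed to clients; this is
    #    the same check s_client -CAfile or ldap.conf TLS_CACERT performs.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca"
        return 1
    fi
    # 4. A client that connects by IP compares that IP with the SAN entries.
    if ! openssl x509 -in "$cert" -noout -checkip "$ip" 2>/dev/null | grep -q 'does match'; then
        echo "FAIL: $cert has no subjectAltName IP entry for $ip"
        return 1
    fi
    echo "OK: $cert, $key and $ca are consistent for $ip"
    return 0
}

# Stand-alone run: build the material in a scratch directory and check it.
workdir=$(mktemp -d)
if make_test_material "$workdir" 10.192.183.73; then
    check_tls_material "$workdir/cacert.pem" "$workdir/newcert.pem" \
        "$workdir/newkey.pem" 10.192.183.73
else
    echo "openssl generation failed"
fi
rm -rf "$workdir"
```

Run it as `sh check_tls_material.sh`; to audit an existing deployment, call `check_tls_material` with the real paths from slapd.conf instead of the generated ones. Two facts worth keeping in mind when reading the s_client output in the post: port 389 speaks plain LDAP and only upgrades to TLS through the StartTLS extended operation, so an `s_client` that sends a TLS ClientHello straight to 389 without `-starttls ldap` (available in OpenSSL 1.1.1 and later) fails regardless of how good the certificates are; a direct-TLS test needs the ldaps listener (slapd started with `-h "ldap:/// ldaps:///"`, port 636), and `ldapsearch -ZZ` exercises the StartTLS path end to end.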