[Date Prev][Date Next] [Chronological] [Thread] [Top]

Slapd, GNUTLS on Debian/Squeeze

To: openldap-technical@openldap.org
Subject: Slapd, GNUTLS on Debian/Squeeze
From: David Dumortier <d.dumortier@free.fr>
Date: Fri, 20 May 2011 11:50:05 +0200
Content-disposition: inline
Old-return-path: <dudumortier@free.fr>
User-agent: Mutt/1.5.20 (2009-06-14)

Hi everybody,

I try to setup a slapd with TLS.
ldd /usr/sbin/slapd returns gnutls.so as waited.

I generated a self-signed certificate with these options :
certtool --generate-privkey --outfile /etc/ldap/ssl/mykey.key
certtool --generate-request --load-privkey /etc/ldap/ssl/mykey.key --outfile
/etc/ldap/ssl/mycsr.csr

		Basic Constraints (critical):
			Certificate Authority (CA): TRUE
		Key Purpose (not critical):
			TLS WWW Client.
			TLS WWW Server.
			Code signing.
			OCSP signing.
			Time stamping.
		Key Usage (critical):
			Digital signature.
			Key encipherment.
			Certificate signing.
			CRL signing.

My slapd start but when I try a debug I have :
# gnutls-cli-debug -p 636 myip
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... failed
Checking for TLS 1.0 support... no
Checking for SSL 3.0 support... no

Server does not support any of SSL 3.0, TLS 1.0 and TLS 1.1

Here is my slapd conf :
olcTLSVerifyClient: demand
olcTLSCertificateFile: /etc/ldap/ssl/mycsr.csr
olcTLSCertificateKeyFile: /etc/ldap/ssl/mykey.key

Any help would be appreciate
-- 
David Dumortier

Follow-Ups:
- Re: Slapd, GNUTLS on Debian/Squeeze
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: Slapd, GNUTLS on Debian/Squeeze
  - From: David Dumortier <d.dumortier@free.fr>
- Re: Slapd, GNUTLS on Debian/Squeeze
  - From: Reinaldo de Carvalho <reinaldoc@gmail.com>

Prev by Date: Re: syncrepl unbinds every 24 hours
Next by Date: Re: Issue while Centralizing SUDO with OpenLDAP
Index(es):
- Chronological
- Thread