
RE: SSL/TLS issue



Aaron,


1 - I made the change as you indicated to ldap.conf to point to the cacert file: "TLS_CACERT /opt/local/etc/openldap/cacert.pem"

2 - Sorry, it was a typo.

3 - The output of ls -ld: "-rw-r--r-- 1 root root 3213 Oct 11 09:38 /opt/local/etc/openldap/cacert.pem"

Thanks,

Aziz

-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] 
Sent: Monday, October 15, 2012 1:11 PM
To: Darouichi, Aziz
Cc: openldap-technical@openldap.org
Subject: RE: SSL/TLS issue

On Mon, 15 Oct 2012, Darouichi, Aziz wrote:

> This is the link I followed to create the CA and sign it
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#7.0

Did you read the "Note" at the top of that paper? Worth considering...

> if I run cert check from client using  the following
> openssl s_client -connect ldap-ssl.curry.edu:636 -CApath /opt/local/etc/openldap/cacert.pem

1. Again, did you really make a directory named "caert.pem"? Because if 
that's a file, I believe that should be -CAfile instead. (Same as I said 
that your TLS_CACERTDIR should probably be a TLS_CACERT ldap.conf 
directive.)

2. In your previous example it was "cacert.pem" but now I see "caert.pem". 
Whatever's actually on your filesystem -- make sure that you're using it, 
typo-free. It's unlikely that they're both correct.


Providing us the output of:

"ls -ld /opt/local/etc/openldap/caert.pem /opt/local/etc/openldap/cacert.pem"

might be helpful if this isn't clear.
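An added example, not code from either message in this thread: a small POSIX sh script that checks the TLS_CACERT / TLS_CACERTDIR lines of an ldap.conf against what is actually on disk, which catches both the file-versus-directory mix-up (TLS_CACERTDIR / -CApath used for a single PEM file) and a mistyped path such as caert.pem. The ldap.conf paths, the HOST placeholder and the dummy PEM content are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): lint the TLS_CACERT / TLS_CACERTDIR
# directives of an ldap.conf against the filesystem and print the matching
# "openssl s_client" option for a client-side check.

# Print the s_client option that fits the path's type: -CAfile for a regular
# file, -CApath for a directory, or "missing" if nothing is there at all.
ca_option_for() {
    if [ -f "$1" ]; then printf '%s\n' "-CAfile"
    elif [ -d "$1" ]; then printf '%s\n' "-CApath"
    else printf '%s\n' "missing"
    fi
}

# Lint one ldap.conf: one report line per TLS_CACERT* directive.
# Returns 0 only if every directive points at an object of the right type.
lint_ldap_conf() {
    bad=0
    while read -r key path; do
        [ -n "$key" ] || continue                  # skip the empty line left when grep matches nothing
        opt=$(ca_option_for "$path")
        case "$(printf '%s' "$key" | tr a-z A-Z):$opt" in   # directive names are case-insensitive
            TLS_CACERT:-CAfile|TLS_CACERTDIR:-CApath)
                echo "ok   $key $path  (client check: openssl s_client -connect HOST:636 $opt $path)" ;;
            *:missing)
                echo "BAD  $key $path does not exist (typo in the path?)"; bad=1 ;;
            *)
                echo "BAD  $key $path has the wrong type: TLS_CACERT wants a file, TLS_CACERTDIR a directory"; bad=1 ;;
        esac
    done <<EOF
$(grep -iE '^[[:space:]]*TLS_CACERT(DIR)?[[:space:]]' "$1" || true)
EOF
    return $bad
}

# Demo on constructed files (a dummy PEM, not a real certificate).
demo=$(mktemp -d)
printf 'dummy PEM content\n' > "$demo/cacert.pem"
printf 'TLS_CACERT %s/cacert.pem\n' "$demo" > "$demo/good.conf"
printf 'TLS_CACERTDIR %s/cacert.pem\nTLS_CACERT %s/caert.pem\n' "$demo" "$demo" > "$demo/bad.conf"
lint_ldap_conf "$demo/good.conf"
lint_ldap_conf "$demo/bad.conf" || echo "bad.conf: mismatches found, as expected"
rm -rf "$demo"
```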