
Re: contact ldap via ssl - won't do



Ok,

first of all I'd like to thank everyone that answered my question,
but I have to admit you lost me :-(

I will try to explain what's going on in more detail. I started my
server with the command-line:

	daemon ${slapd} -u ldap -h '"ldap://0.0.0.0:389/ \
		ldaps://0.0.0.0:639/"' $OPTIONS $SLAPD_OPTIONS

from /etc/init.d/ldap

This is the way I read about it in the German Linux-Magazin.

The certificate-file that I generated with my command contains
an RSA PRIVATE KEY and a CERTIFICATE. So I suppose that should be
correct.

Maybe I just have the wrong port or so???

Please help,

	chris


On Tue, 2002-03-19 at 21:49, Norbert Klasen wrote:
> 
> 
> --On Tuesday, 19 March 2002 16:28 +0100 Christian Guenther 
> <chris@blaue-elise.net> wrote:
> 
> > I created an ssl-certificate with
> >
> > 	openssl req -new -x509 -nodes -days 720 -out \
> > 	/etc/openldap/server.pem -keyout /etc/openldap/server.pem
> 
> Does this give one file with both cert and key?
> 
> > and set up my /etc/init.d/ldap start-script accordingly
> > The ldap-server starts and, as I said, I can contact and query it on
> > the normal port, but NOT with SSL or TLS or whatever.
> 
> Did you add
> TLSCertificateFile      /etc/host.cert.pem
> TLSCertificateKeyFile   /etc/host.key.pem
> TLSCaCertificateFile    /etc/ca.cert.pem
> to slapd.conf?
> 
> Did you start slapd with "-h ldaps:///" ?
> 
> -- 
> Norbert Klasen, Dipl.-Inform.
> DAASI International GmbH                 phone: +49 7071 29 70336
> Wilhelmstr. 106                          fax:   +49 7071 29 5114
> 72074 Tübingen                           email: norbert.klasen@daasi.de
> Germany                                  web:   http://www.daasi.de
> 
> 
-- 
 __    __  __     __  __ ___    ___                      
|  |  |  ||  \   |  ||  |\  \  /  /              chris Guenther
|  |  |  ||   \  |  ||  | \  \/  /               chris@blaue-elise.net
|  |  |  ||  . \ |  ||  |  >    <                Wuppertal / Germany
|  |__|  ||  |\ \|  ||  | /  /\  \  
 \______/ |__| \____||__|/__/  \__\ 

UNIX _IS_ user friendly, it's just selective about who its friends are
  
----------------------------------------------------------------------
  UNIX was not designed to stop you from doing stupid things, 
  because that would also stop you from doing clever things.
                                                         ...Doug Gwyn
----------------------------------------------------------------------
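Two checks that narrow a problem like this one down, added here as an example and not taken from the thread: does the combined PEM file really hold one private key and one certificate that belong together, and what does the ldaps listener actually present during a TLS handshake. Host names and paths are placeholders; the default port is the IANA-registered LDAPS port, 636.

```shell
#!/bin/sh
# Added example, not code from the thread: sanity checks for a combined
# slapd TLS PEM file (private key + certificate in one file, as in the
# thread) and for the ldaps listener. Assumes the IANA LDAPS port, 636;
# host names and paths are placeholders.

# Count PEM blocks whose type ends in $2, e.g. CERTIFICATE or
# "PRIVATE KEY" (the latter matches both "RSA PRIVATE KEY" and the
# PKCS#8 "PRIVATE KEY" header). Prints 0 rather than failing on no match.
pem_count() {  # $1=file $2=block type
    grep -c -- "^-----BEGIN .*$2-----\$" "$1" || true
}

# slapd can use a combined file only if it holds exactly one certificate
# and exactly one private key; report what was found otherwise.
pem_bundle_ok() {  # $1=file
    [ -r "$1" ] || { echo "unreadable: $1"; return 1; }
    certs=$(pem_count "$1" CERTIFICATE)
    keys=$(pem_count "$1" "PRIVATE KEY")
    [ "$certs" -eq 1 ] || { echo "expected 1 certificate, found $certs"; return 1; }
    [ "$keys" -eq 1 ] || { echo "expected 1 private key, found $keys"; return 1; }
}

# A file with one key and one cert can still be wrong if they do not
# belong together: compare the public key embedded in each (openssl CLI).
# Both commands skip PEM blocks of the other type, so block order is irrelevant.
pem_key_matches_cert() {  # $1=file
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Do what an LDAPS client does first: a TLS handshake on the ldaps port.
# Shows subject and validity of the certificate slapd really serves, which
# is the quickest way to tell "wrong port" from "wrong certificate".
ldaps_handshake() {  # $1=host $2=port (default 636)
    printf 'Q\n' | openssl s_client -connect "$1:${2:-636}" 2>/dev/null \
        | openssl x509 -noout -subject -dates
}

# Usage: sh check-ldap-tls.sh /etc/openldap/server.pem [host [port]]
if [ $# -ge 1 ]; then
    pem_bundle_ok "$1" && pem_key_matches_cert "$1" && echo "bundle OK: $1"
    if [ $# -ge 2 ]; then ldaps_handshake "$2" "${3:-636}"; fi
fi
```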