
Re: TLS/SSL Configuration for LDAP



Shouldn't you use distinct files, e.g., server.crt and server.key?

On 06/07/02, I received this from test@newpanel.com:
> In my slapd.conf I have:
> 
> TLSCertificateFile      /usr/local/ssl/certs/server.pem
> TLSCertificateKeyFile   /usr/local/ssl/certs/server.pem
> 
> 
> When I use
> ldapsearch -x -H 'ldaps://ldap.mydomain.com' -b 'ou=company, dc=mydomain, dc=com'
> I have a good result
> 
> If I use AddressBook in Netscape with Port: 636
> I have an error and no result
> 
> The debug output of slapd looks like this:
> 
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 9r
> daemon: read activity on 9
> connection_get(9): got connid=2
> connection_read(9): checking for input on id=2
> TLS trace: SSL3 alert read:fatal:bad certificate
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate s3_pkt.c:1031
> connection_read(9): TLS accept error error=-1 id=2, closing
> connection_closing: readying conn=2 sd=9 for close
> 
> Have you an idea?
> Thanks
> 
> 
> 
> 

-- 

Mark Johnson
markj@gilanet.com
office: (505)534-4099
mobile: (505)590-1152
home: (505)388-3840
address: POBox 53145, Pinos Altos, NM 88053-3145
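
As an added example (not part of the original thread): a small Python parser for the slapd debug output quoted above that reports which side raised each TLS alert. It relies on the OpenSSL trace convention that `alert read` means slapd received the alert from its peer and `alert write` means slapd sent it; the function name and regular expressions are assumptions made for this example.

```python
import re

# Log lines copied from the slapd debug output quoted in the message above.
SLAPD_LOG = """\
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: read activity on 9
connection_get(9): got connid=2
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(9): TLS accept error error=-1 id=2, closing
"""

# Hypothetical patterns written for this example, matched against the lines above.
ALERT_RE = re.compile(r"^TLS trace: SSL3 alert (read|write):(warning|fatal):(.+)$")
CONN_RE = re.compile(r"^connection_get\((\d+)\): got connid=(\d+)")
CLOSE_RE = re.compile(r"^connection_read\((\d+)\): TLS accept error error=(-?\d+) id=(\d+)")

def classify_alerts(log_text):
    """Return one dict per TLS alert, noting which side raised it."""
    findings, connid = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CONN_RE.match(line)
        if m:
            connid = int(m.group(2))  # remember the connection being processed
            continue
        m = ALERT_RE.match(line)
        if m:
            direction, level, desc = m.groups()
            # "read"  = slapd received the alert, so the peer (client) raised it.
            # "write" = slapd sent the alert, so slapd itself raised it.
            raised_by = "client" if direction == "read" else "slapd"
            findings.append({"connid": connid, "level": level,
                             "description": desc.strip(), "raised_by": raised_by,
                             "handshake_failed": False})
            continue
        m = CLOSE_RE.match(line)
        if m:
            # Mark every alert seen on this connection as ending the handshake.
            for f in findings:
                if f["connid"] == int(m.group(3)):
                    f["handshake_failed"] = True
    return findings

if __name__ == "__main__":
    for f in classify_alerts(SLAPD_LOG):
        print(f)
```

For the quoted log this reports a fatal `bad certificate` alert raised by the client on connection 2, meaning the client rejected the certificate slapd presented.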