
RE: SSL client certificate question and bdb_dn2id_matched question




> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org 
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of 
> Tony Earnshaw


> The procedure for making a certificate signed by your own CA is:
> 
> 1: Make the CA cert. This you will use for signing;

I have found this http://www.linux-mag.com/2002-03/guru_02.html and this
http://www.openldap.org/lists/openldap-software/200109/msg00745.html 
They are using self-signed certificates. I have created them this way. I
also have chosen the right "cn" for the certificate. But nothing
changed. :-( 
Do self-signed certificates just work on hosts they were issued for? I
will try the CA-signature tomorrow. Where does the client (ldapsearch)
expect the CA-Cert?

However thanks for your effort,
Simon



Here is some output:
nagasaki:/usr/src/linux#  ldapsearch -H ldaps://soma.loge-23.ilm/ -x -b "" -s base -d 127
ldap_create
ldap_url_parse_ext(ldaps://soma.loge-23.ilm/)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: soma.loge-23.ilm
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.5.101:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=soma.loge-23.ilm
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 14 bytes to sd 3
  0000:  30 0c 02 01 01 60 07 02  01 03 04 00 80 00   0....`........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 60 07 02  01 03 04 00 80 00   0....`........
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: soma.loge-23.ilm  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Tue Jan 14 13:39:46 2003

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=1, got=0

ber_get_next failed.
ldap_perror
ldap_bind: Can't contact LDAP server
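
Added example, not part of the original message: the 14 bytes shown in the ber_flush dump above can be decoded offline to see exactly what ldapsearch sent before the read returned 0 bytes. This Python sketch parses them as a BER-encoded LDAP BindRequest; the function and constant names are this example's own.

```python
# Bytes copied from the ber_flush hex dump in the trace above.
TRACE_PDU = bytes.fromhex("300c020101600702010304008000")

AUTH_CHOICES = {0x80: "simple", 0xA3: "sasl"}  # context tags [0] and [3]


def read_tlv(buf, pos):
    """Read one definite-length BER element with a single-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(pdu):
    """Decode an LDAPMessage that carries a BindRequest into a dict."""
    tag, body, end = read_tlv(pdu, 0)
    if tag != 0x30 or end != len(pdu):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    t_id, msg_id, pos = read_tlv(body, 0)
    t_op, op, _ = read_tlv(body, pos)
    if t_id != 0x02 or t_op != 0x60:  # INTEGER, then [APPLICATION 0]
        raise ValueError("not a BindRequest")
    t_ver, version, pos = read_tlv(op, 0)
    t_dn, name, pos = read_tlv(op, pos)
    t_auth, cred, _ = read_tlv(op, pos)
    if t_ver != 0x02 or t_dn != 0x04 or t_auth not in AUTH_CHOICES:
        raise ValueError("malformed BindRequest body")
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "bind_dn": name.decode("utf-8"),
        "auth": AUTH_CHOICES[t_auth],
        "anonymous": t_auth == 0x80 and not name and not cred,
    }


if __name__ == "__main__":
    print(parse_bind_request(TRACE_PDU))
```

The dump decodes to message ID 1, protocol version 3, an empty bind DN and an empty simple password, which matches the -x option with no bind DN on the command line.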