
Re: Only encrypt the ldap traffic



Hello Bernard,

* Bernard Massot <bmassot@free.fr> [22-09-03 13:30]:
> SASL is independent from SSL. For example I'm using clear text
> authentication with SSL. Just read the doc about SSL stuff and do it.

I tried it in the following way:
my domain: dc=fechner,dc=net

-At first I created a CA with CA.pl -newca
-Then created a key with: CA.pl -newreq
 At CN I inserted dc=fechner,dc=net
-then I signed the key with CA.pl -sign
-then I decrypted my key with:
 openssl rsa -in newreq.pem -out newreq.pem
 
In slapd.conf I have the following lines:
TLSCACertificateFile    /usr/local/ssl/ldap/cacert.pem
TLSCertificateFile      /usr/local/ssl/ldap/newcert.pem
TLSCertificateKeyFile /usr/local/ssl/ldap/newreq.pem

TLSVerifyClient demand

Then I wanted to test it with openssl:
openssl s_client -connect localhost:636 -showcerts
CONNECTED(00000003)
depth=1 /C=DE/ST=Bayern/L=Fuerstefeldbruck/O=FM-Data/CN=Matthias Fechner/emailAddress=idefix@fechner.net
verify error:num=19:self signed certificate in certificate chain
verify return:0
9240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
9240:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

It seems that something is wrong with the certificate.
What did I do wrong?

-- 
Bye
Matthias
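The setup above combines two things that each produce one of the lines in the s_client output: s_client was not told which CA to trust, so it reports "self signed certificate in certificate chain" (a warning on the client side only, removed by passing -CAfile), and slapd runs with TLSVerifyClient demand, which in OpenLDAP means the server requests a client certificate and terminates the session when none, or an invalid one, is presented. A bare openssl s_client presents no certificate, so the server ends the handshake with an alert. The script below is an added example and is not from the mail or from OpenLDAP; it builds a throwaway CA, server certificate and client certificate in a temporary directory (the CN ldap.example.test, the client name, the file names and the port 14636 are all made up for this example), runs the two offline checks that catch most certificate mistakes, and then uses openssl s_server -Verify to reproduce the "demand" behaviour so the difference between a client with and without a certificate can be seen without touching a real slapd.

```shell
#!/bin/sh
# Added example, not from the original mail: throwaway PKI plus the checks that
# pin down a TLS "handshake failure" against a server that demands client certs.
# All names, paths and the port are assumptions invented for this script.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PORT=14636   # assumed free loopback port; a real slapd would listen on 636

# CA, server cert (CN = directory host name) and client cert, signed by the CA.
# -nodes leaves the private keys unencrypted, the same effect as the
# "openssl rsa -in newreq.pem -out newreq.pem" step in the mail.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
      -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
      -keyout "$WORK/newreq.pem" -out "$WORK/server.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/cacert.pem" \
      -CAkey "$WORK/cakey.pem" -CAcreateserial -out "$WORK/newcert.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap-client" \
      -keyout "$WORK/clientkey.pem" -out "$WORK/client.csr" >/dev/null 2>&1
  openssl x509 -req -days 1 -in "$WORK/client.csr" -CA "$WORK/cacert.pem" \
      -CAkey "$WORK/cakey.pem" -CAcreateserial -out "$WORK/clientcert.pem" >/dev/null 2>&1
}

# Does the server certificate chain to the CA file slapd is given
# (TLSCACertificateFile)? This is the server-side version of the trust check
# s_client performs when it is started with -CAfile.
check_chain() {  # $1 = CA file, $2 = certificate to verify
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Does the private key really belong to the certificate? A key/cert mismatch
# breaks the TLS setup even though every configured file exists and parses.
check_key_matches() {  # $1 = certificate, $2 = RSA private key
  cert_mod=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
  key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
  [ "$cert_mod" = "$key_mod" ]
}

# Reproduce TLSVerifyClient demand with s_server -Verify, which likewise refuses
# peers that present no certificate. Returns 0 when the bare client is rejected
# AND the client carrying a CA-signed certificate gets through. TLS 1.2 is forced
# so the rejection arrives inside the handshake, as in the mail's alert 40.
demand_rejects_bare_client() {
  openssl s_server -accept "$PORT" -www -cert "$WORK/newcert.pem" \
      -key "$WORK/newreq.pem" -CAfile "$WORK/cacert.pem" -Verify 1 >/dev/null 2>&1 &
  srv=$!
  sleep 1
  bare=0
  openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 -CAfile "$WORK/cacert.pem" \
      -verify_return_error </dev/null >/dev/null 2>&1 || bare=$?
  withcert=0
  openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 -CAfile "$WORK/cacert.pem" \
      -cert "$WORK/clientcert.pem" -key "$WORK/clientkey.pem" \
      -verify_return_error </dev/null >/dev/null 2>&1 || withcert=$?
  kill "$srv" 2>/dev/null || true
  [ "$bare" -ne 0 ] && [ "$withcert" -eq 0 ]
}

make_pki
check_chain "$WORK/cacert.pem" "$WORK/newcert.pem" \
    && echo "server certificate chains to the CA file"
check_key_matches "$WORK/newcert.pem" "$WORK/newreq.pem" \
    && echo "server key matches server certificate"
if demand_rejects_bare_client; then
  echo "demand server: client without certificate refused, CA-signed client accepted"
else
  echo "live handshake check inconclusive (loopback socket unavailable?)"
fi
```

The two offline checks are worth running against the real files from slapd.conf before looking at the handshake at all; the live check then shows that a server in "demand" mode is behaving correctly when it refuses a certificate-less s_client, and that the way to test such a server with s_client is to hand it -CAfile together with -cert and -key for a certificate issued by the same CA.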