Re: Only encrypt the ldap traffic
Hello Bernard,
* Bernard Massot <bmassot@free.fr> [22-09-03 13:30]:
> SASL is independent from SSL. For example I'm using clear text
> authentication with SSL. Just read the doc about SSL stuff and do it.
I tried it in the following way:
my domain: dc=fechner,dc=net
- At first I created a CA with CA.pl -newca
- Then I created a key with: CA.pl -newreq
At CN I inserted dc=fechner,dc=net
- Then I signed the key with CA.pl -sign
- Then I decrypted my key with:
openssl rsa -in newreq.pem -out newreq.pem
In slapd.conf I have the following lines:
TLSCACertificateFile /usr/local/ssl/ldap/cacert.pem
TLSCertificateFile /usr/local/ssl/ldap/newcert.pem
TLSCertificateKeyFile /usr/local/ssl/ldap/newreq.pem
TLSVerifyClient demand
Then I wanted to test it with openssl:
openssl s_client -connect localhost:636 -showcerts
CONNECTED(00000003)
depth=1 /C=DE/ST=Bayern/L=Fuerstefeldbruck/O=FM-Data/CN=Matthias Fechner/emailAddress=idefix@fechner.net
verify error:num=19:self signed certificate in certificate chain
verify return:0
9240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
9240:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
It seems that something is wrong with the certificate.
What did I do wrong?
--
Bye
Matthias
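
An added example, not part of the original message: a small Python triage of the slapd.conf lines, the s_client command and the output posted above, separating the verification error s_client raised locally from the alert it received from the server. The helper names `slapd_tls` and `triage` are hypothetical, and the inputs are copied from the message.

```python
import re
import shlex

# Inputs copied from the message above (s_client output trimmed to the two diagnostic lines).
SLAPD_CONF = """\
TLSCACertificateFile /usr/local/ssl/ldap/cacert.pem
TLSCertificateFile /usr/local/ssl/ldap/newcert.pem
TLSCertificateKeyFile /usr/local/ssl/ldap/newreq.pem
TLSVerifyClient demand
"""
COMMAND = "openssl s_client -connect localhost:636 -showcerts"
OUTPUT = """\
verify error:num=19:self signed certificate in certificate chain
9240:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
"""

def slapd_tls(conf):
    """Return the TLS* directives of a slapd.conf fragment as {directive: value}."""
    pairs = (line.split(None, 1) for line in conf.splitlines())
    return {p[0]: p[1].strip() for p in pairs if len(p) == 2 and p[0].startswith("TLS")}

def triage(conf, command, output):
    """Return (code, explanation) findings; hypothetical helper for this example."""
    args = set(shlex.split(command))
    findings = []
    # "verify error" lines are produced locally by s_client while checking the server chain.
    verify = re.search(r"verify error:num=(\d+):", output)
    if verify and verify.group(1) == "19" and not args & {"-CAfile", "-CApath"}:
        findings.append(("client-trust", "s_client was given no -CAfile/-CApath, "
                         "so the private CA at the top of the chain is untrusted"))
    # SSL3_READ_BYTES + "alert number N" means the alert was received from the server.
    alert = re.search(r"ssl3_read_bytes:.*alert number (\d+)", output, re.IGNORECASE)
    if alert:
        # demand, hard and true are equivalent in slapd.conf(5); the default is never.
        demanded = slapd_tls(conf).get("TLSVerifyClient", "never").lower() in ("demand", "hard", "true")
        if alert.group(1) == "40" and demanded and "-cert" not in args:
            findings.append(("client-cert-required", "slapd demands a client certificate "
                             "but s_client was started without -cert/-key"))
        else:
            findings.append(("server-alert", "server sent TLS alert " + alert.group(1)))
    return findings

if __name__ == "__main__":
    for code, why in triage(SLAPD_CONF, COMMAND, OUTPUT):
        print(f"{code}: {why}")
```

Alert 40 is a generic handshake failure, so the second finding is only reported when the configuration and the command line together are consistent with a missing client certificate.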