[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: trouble configure TLS in LDAP



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas

> In a 3rd step I deleted the password in newreq.pem with
> openssl rsa -in newreq.pem -out ldapkey.pem
> Here is the first error when I try a check with
> 'CA.pl -verify ldapkey.pem' it says:
> 'unable to load certificate
> 18032:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE'
>
> I made a chmod 777 on the keys, no influence. Has anyone an
> idea what I'm doing wrong ?

The -verify option is for certificates, not keys.

> I also changed my slapd.conf with the entries:
> TLSCertificateFile    /etc/openldap/newcert.pem
> TLSCertificateKeyFile /etc/openldap/ldapkey.pem
> TLSCACertificateFile /etc/openldap/cacert.pem
>
> After restarting slapd a 'openssl s_client -connect
> localhost:389 -showcerts'
> results in:
> 'CONNECTED(00000003)
> 18034:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:'

You tried to open an SSL session on a cleartext port. Naturally that won't
work.

> Any help would be appreciated,
> does someone know a good Link for a 'cookbook' for TLS with LDAP ?

Go to www.openssl.org and learn how to use OpenSSL by itself first. The
OpenLDAP FAQ-o-Matic has a lot of info on setting things up:
http://www.openldap.org/faq/index.cgi?file=185

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support