[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: trouble configure TLS in LDAP
Hi,
Thomas <mubis@gmx.de> writes:
> Hi @all,
>
> I've some trouble running TLS with LDAP:
>
> At first I created on my Linux LDAP-Server a Certificate Authority with
> CA.pl -newca
> with the certification cacert.pem
> The result of a check with 'CA.pl -verify cacert.pem' is 'OK'
>
> After that I created a server certificate for my LDAP-Server with
> CA.pl -newcert -> newreq.pem
> and signed it with the Cerificate Authority
> CA.pl -signcert -> newcert.pem
> The result of a check with 'CA.pl -verify newcert.pem' is 'OK'
>
> In a 3rd step I deleted the password in newreq.pem with
> openssl rsa -in newreq.pem -out ldapkey.pem
> Here is the first error when I try a check with
> 'CA.pl -verify ldapkey.pem' it says:
> 'unable to load certificate
> 18032:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE'
You probabely got mixed up with your CA?
> I made a chmod 777 on the keys, no influence. Has anyone an idea what I'm
> doing wrong ?
>
>
> I also changed my slapd.conf with the entries:
> TLSCertificateFile /etc/openldap/newcert.pem
> TLSCertificateKeyFile /etc/openldap/ldapkey.pem
> TLSCACertificateFile /etc/openldap/cacert.pem
>
> After restarting slapd a 'openssl s_client -connect localhost:389 -showcerts'
> results in:
> 'CONNECTED(00000003)
> 18034:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:'
Try to start ./slapd -h "ldap:/// ldaps:///" and connect s_client to
localhost:636
openssl is not aware of the ldap_start_tls function.
>
> Any help would be appreciated,
> does someone know a good Link for a 'cookbook' for TLS with LDAP ?
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
-Dieter
(mea culpa)
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de