If I specify -key and -cert:
[root@myhost openldap]# openssl s_client -connect localhost:636 -showcerts -key /etc/openldap/certs/myhost.key -cert /etc/openldap/certs/myhost.crt
....
....
---
SSL handshake has read 2324 bytes and written 983 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 512 bit
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 3E07A62C57A11DEAFBBF0A87475A32E46D6790FE041990AB4887F80B123B179B
Session-ID-ctx:
Master-Key: DF7028A34CB69F1E48BF64E93C1E3F33236A1F084523A23B1A2749EDE83BB4E7472E57E4D8F4D97FBF0487D5A42BB044
Key-Arg : None
Krb5 Principal: None
Start Time: 1098502481
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
This looks like my problem is not from ldapsearch but something else, right? Why do I need to specify -cert and -key to make "openssl s_client" work? Does ldapsearch or openssl look for a default "cert" and "key" in a DEFAULT location (e.g. ldapsearch or openssl will look for /etc/certs/server.key and /etc/certs/server.crt ...)?
Barrow
"Tay, Gary" <Gary_Tay@platts.com>
10/22/2004 07:09 PM
To: "Barrow H Kwan" <bhkwan@thoughtworks.com>
cc:
Subject: RE: problem with ldapsearch/TLS ( or Fedora Core 2?? )
Turn on debugging to get more hints.
Did you put cacert.pem in slapd.conf on the server and $ETC_OPENLDAP/ldap.conf on the client?
My HOWTO has hands-on steps for newbies to practise; you may find it useful.
http://web.singnet.com.sg/~garyttt/
Gary
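The following is an added example, not code from this thread or from OpenLDAP, that ties Barrow's "Verify return code: 19" to Gary's answer. It builds a throwaway self-signed CA and a server certificate signed by it, then verifies that certificate twice: once with no CA configured, which reproduces error 19 (the server's chain ends in a self-signed CA the client does not trust), and once with the CA file supplied, which verifies cleanly. Note that s_client's -cert and -key only select a client certificate for when the server requests one; they play no part in checking the server's chain, which is why they did not change the verify result above. It assumes an openssl binary on PATH; the CA name "Demo CA", the host name "myhost" and the $WORK directory are constructed for the demo.

```shell
# Added example (not from the thread or OpenLDAP): reproduce verify error 19
# with a constructed CA and server certificate, then clear it by trusting the CA.
# Assumes `openssl` on PATH; names and paths below are made up for the demo.

WORK="${TMPDIR:-/tmp}/tls-demo.$$"

# Build the constructed chain: cacert.pem (self-signed CA) signs myhost.crt.
make_chain() {
    mkdir -p "$WORK" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$WORK/ca.key" -out "$WORK/cacert.pem" >/dev/null 2>&1 || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myhost" \
        -keyout "$WORK/myhost.key" -out "$WORK/myhost.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -days 1 -in "$WORK/myhost.csr" -CA "$WORK/cacert.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/myhost.crt" >/dev/null 2>&1 || return 1
}

# Verify myhost.crt the way a TLS client does.  $1 is the CA file the client
# trusts (empty = no CA configured, the situation in the thread).  cacert.pem
# is passed as -untrusted because a server sends its chain in the handshake;
# a self-signed CA in that chain that is not in the trust store is exactly
# what yields X509 verify error 19.  Prints "ok" or the numeric error code.
verify_server_cert() {
    ca="$1"
    if [ -n "$ca" ]; then
        out=$(openssl verify -CAfile "$ca" -untrusted "$WORK/cacert.pem" "$WORK/myhost.crt" 2>&1)
    else
        out=$(openssl verify -untrusted "$WORK/cacert.pem" "$WORK/myhost.crt" 2>&1)
    fi
    case "$out" in
        *": OK"*) echo ok ;;
        *) printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

cleanup() { rm -rf "$WORK"; }

# Stand-alone run: show the untrusted result, then the trusted one.
demo() {
    if ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found; nothing to demonstrate"
        return 0
    fi
    make_chain || { echo "could not build demo chain"; return 1; }
    echo "without CA file: $(verify_server_cert "")"              # 19
    echo "with CA file:    $(verify_server_cert "$WORK/cacert.pem")"  # ok
    cleanup
}

demo
```

The same check against a live server is `openssl s_client -CAfile cacert.pem -connect localhost:636`, with no -key or -cert needed. The client-side equivalent for ldapsearch is the TLS_CACERT directive in ldap.conf, and on the slapd side the server's own chain is configured with TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile in slapd.conf. Separately from the verify error, the "Server public key is 512 bit" line in the output above shows an RSA key far below the 2048-bit minimum that is standard today and should be regenerated.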
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org on behalf of Barrow H Kwan
Sent: Fri 10/22/2004 10:16 AM
To: openldap-software@OpenLDAP.org
Cc:
Subject: problem with ldapsearch/TLS ( or Fedora Core 2?? )