I am trying to get SSL with OpenLDAP working nicely, but so far
I am just frustrated, like in:
etosha$ ldapsearch -Z -x
ldap_start_tls: Connect error (-11)
additional info: error:0D0890A1:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
ldap_bind: Can't contact LDAP server (-1)
additional info: error:0D0890A1:asn1 encoding
routines:ASN1_verify:unknown message digest algorithm
Here is how I managed to generate my server key:
$ export OPENSSL_CONF=/etc/ssl/ca.cnf
$ openssl req -x509 -newkey rsa -out ca-crt.pem -outform PEM -days 365
$ unset OPENSSL_CONF
$ openssl req -newkey rsa:1024 -keyout tmp-key.pem -keyform PEM -out tmp-csr.pem -outform PEM -days 365
$ openssl rsa < tmp-key.pem > private/slapd-key.pem
$ export OPENSSL_CONF=/etc/ssl/ca.cnf
$ openssl ca -in tmp-csr.pem -out slapd-crt.pem
$ rm -f tmp*pem
My ldap.conf is like in:
ssl true
TLS_CACERT /asd/etc/ssl/ca/ca-crt.pem
My slapd.conf is like in:
TLSCACertificateFile /asd/etc/ssl/ca/ca-crt.pem
TLSCertificateFile /asd/etc/ssl/crt/slapd-crt.pem
TLSCertificateKeyFile /asd/etc/ssl/key/slapd-key.pem
My ca.cnf is attached.
Thanks a lot for your time and cooperation.
Best regards,
Gustavo Rios
Attachment: ca.cnf
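The error string in the post, error:0D0890A1 ... ASN1_verify:unknown message digest algorithm, is OpenSSL's ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM: the client-side libcrypto hit a signature algorithm OID in the CA or server certificate that it has no digest implementation for, so the chain can never validate no matter how slapd is configured. The script below is an added example, not the poster's commands and not part of any OpenLDAP or OpenSSL documentation. It does the same job as the sequence in the post (self-signed CA, server key, CSR signed by the CA) but pins the signature digest explicitly instead of relying on the default_md in a config file, and it adds the two checks a practitioner wants before touching slapd.conf: which digest the certificates were actually signed with, and whether the local OpenSSL build knows that digest and can verify the chain. All paths (a mktemp directory), the subject names and the DIGEST variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): mint a CA and a server
# certificate with an explicitly chosen signature digest, then confirm
# the digest is one the local libcrypto can verify. Everything below
# (directory, subject names, key sizes) is an assumption for illustration.
set -eu

WORK=${WORK:-$(mktemp -d)}
# Digest used for both signatures. Choose one that BOTH the slapd host and
# the ldapsearch client's OpenSSL support, otherwise ASN1_verify fails with
# "unknown message digest algorithm" on the side that lacks it.
DIGEST=${DIGEST:-sha256}

gen_ca_and_server() {
    # 1. Self-signed CA, digest pinned on the command line.
    openssl req -x509 -newkey rsa:2048 -nodes "-$DIGEST" \
        -keyout "$WORK/ca-key.pem" -out "$WORK/ca-crt.pem" \
        -days 365 -subj "/CN=Example LDAP CA" 2>/dev/null
    # 2. Server key and CSR (the post used rsa:1024; 2048 is assumed here).
    openssl req -new -newkey rsa:2048 -nodes "-$DIGEST" \
        -keyout "$WORK/slapd-key.pem" -out "$WORK/slapd-csr.pem" \
        -subj "/CN=ldap.example.test" 2>/dev/null
    # 3. Sign the CSR with the CA, again pinning the digest.
    openssl x509 -req -in "$WORK/slapd-csr.pem" \
        -CA "$WORK/ca-crt.pem" -CAkey "$WORK/ca-key.pem" -CAcreateserial \
        "-$DIGEST" -days 365 -out "$WORK/slapd-crt.pem" 2>/dev/null
}

# Print the signature algorithm recorded in a certificate,
# e.g. "sha256WithRSAEncryption". This is the value that must be
# recognised by every OpenSSL build that will verify the chain.
sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Does the local libcrypto implement this digest at all? Run this on the
# ldapsearch host with the digest name from sig_alg: a failure here is
# exactly what surfaces as ASN1_verify:unknown message digest algorithm.
digest_known() {
    openssl dgst "-$1" /dev/null >/dev/null 2>&1
}

# Validate the server certificate against the CA the way a TLS client would,
# using the same files that go into TLS_CACERT / TLSCertificateFile.
chain_ok() {
    openssl verify -CAfile "$WORK/ca-crt.pem" "$WORK/slapd-crt.pem" \
        >/dev/null 2>&1
}
```

Usage: source the file, run gen_ca_and_server, then run sig_alg on ca-crt.pem and slapd-crt.pem and feed the reported digest name to digest_known on the client machine. If digest_known fails there, regenerate with DIGEST set to something that host supports (an older OpenSSL that lacks SHA-2 will still accept sha1); only once chain_ok passes on the client is it worth looking at ldap.conf and slapd.conf.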