[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: TLS/SSL problems, server side certificate not recognized
er, typo: in 3 and 4 where it says "host files" it should read "conf files".
Sorry!
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of John Lane
Sent: 07 March 2005 18:51
To: Omar Al-Tabari; openldap-software
Subject: RE: TLS/SSL problems, server side certificate not recognized
Hello. This is a complex area, however I'll try and list the gotchas that
I've learnt over the last few weeks.
1. MAKE SURE the "cn" in your cert is the same as the host name of the
server (as given by "hostname -f", and MAKE SURE this value is in the hosts
file as the primary host name (not an alias) on your client machines as well
as your server. ALSO MAKE SURE you reference the server in slapd.conf,
ldap.conf and any other files by it's name rather than an IP address.
2. The server's cert, key and the cert of the ca that signed it need to be
located on the server and readable by slapd, etc. These should be referenced
in host files using their full path.
3. The client's cert, key and the cert of the ca that signed it need to be
located on the server and readable by slapd, etc. These should be referenced
in host files using their full path.
4. Use ldapsearch -d -1 to test - it's very verbose and you'll be able to
see what is going on.
5. Post again if you need more help. Persevere, it does work out in the
end!!!!!
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Omar Al-Tabari
Sent: 07 March 2005 11:55
To: openldap-software
Subject: TLS/SSL problems, server side certificate not recognized
I'm totally ignorant regarding ldap but I must configure it to use it in
my company, I need to enable SSL/TLS for its use, either TLS over port
389 or SSL over port 636, but I can’t seem to make it work.
I’ve created a self signed certificate, as instructed in many FAQ and
HOW-TO articles, but it doesn’t seem to work, I also created a CA and
separated the certificate from the private key and added it to the
server but still no success.
i need help, it looks like I’m a total idiot that’s why it doesn’t work,
you cant help me with my stupidity but I hope you could help me to get
SSL or TLS working.
Also what needs to be done on the client side, do I copy the created
certificates or do I copy nothing?
I’m using:
Fedora Core 2
Openldap 2.2.13