SSL/TLS problem
Hello,
I tried to configure SSL/TLS (no auth, just with OpenLDAP) using this
documentation [1] (without TLS/SSL everything works fine). I'm using
Debian GNU/Linux on x86; my slapd version is 2.2.23 and openssl 0.9.7e.
So I ran the following commands in order to generate all the needed
OpenSSL files (section 4.2 of the previous document):
# /usr/lib/ssl/misc/CA.sh -newca
# openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
# /usr/lib/ssl/misc/CA.sh -sign
# cp demoCA/cacert.pem /etc/ldap/cfg/ssl/cacert.pem
# mv newcert.pem /etc/ldap/cfg/ssl/servercrt.pem
# mv newreq.pem /etc/ldap/cfg/ssl/serverkey.pem
# chmod 400 /etc/ldap/cfg/ssl/serverkey.pem
I added these lines to /etc/ldap/slapd.conf:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand
TLSCACertificateFile /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cfg/ssl/serverkey.pem
And these lines to /etc/ldap/ldap.conf:
TLS_CACERT /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT demand
Then I did:
# /etc/init.d/slapd restart
# ldapsearch -ZZ -x -w toto -D "cn=admin,dc=scrappy,dc=mystery-inc" \
-b "ou=personnes,dc=scrappy,dc=mystery-inc" "(ObjectClass=*)"
(this ldapsearch command line worked fine before SSL/TLS)
I got these errors:
ldap_start_tls: Connect error (-11)
additional info: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
I found nothing at all about this error on search engines; what could I
do in order to solve this embarrassing problem?
Thanks for your help,
[1] http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#4.0
--
Arnaud Fontaine <arnaud@andesi.org> - http://www.andesi.org/ | GPG
Public Key available on pgp.mit.edu | Fingerprint: D792 B8A5 A567 B001
C342 2613 BDF2 A220 5E36 19D3
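An added diagnostic, not part of the post or of OpenLDAP: two consistency checks a defender would run on the setup above before reading TLS alerts. In OpenLDAP, `TLSVerifyClient demand` makes slapd require a client certificate, and the `ldap.conf` shown sets no `TLS_CERT`/`TLS_KEY`, so the first function flags that mismatch; the second confirms that a server certificate and private key actually belong together (the key file produced by `openssl req -keyout newreq.pem -out newreq.pem` also holds the CSR, which `openssl rsa` tolerates). The config texts are constructed copies of the post's snippets; file paths are assumptions.

```shell
#!/bin/sh
# Constructed samples mirroring the post's configuration (not the real files).
SLAPD_CONF_SAMPLE='TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSVerifyClient demand
TLSCACertificateFile /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile /etc/ldap/cfg/ssl/serverkey.pem'
LDAP_CONF_SAMPLE='TLS_CACERT /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT demand'

# conf_get CONF_TEXT KEY: print the value of the first KEY line, or nothing.
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# check_client_cert_config SLAPD_TEXT LDAP_TEXT
# Returns 0 when consistent; returns 1 when slapd demands a client
# certificate but the client configuration names no TLS_CERT/TLS_KEY.
check_client_cert_config() {
    verify=$(conf_get "$1" TLSVerifyClient)
    case "$verify" in
        demand|hard)
            [ -n "$(conf_get "$2" TLS_CERT)" ] || return 1
            [ -n "$(conf_get "$2" TLS_KEY)" ]  || return 1
            ;;
    esac
    return 0
}

# check_keypair CERT_FILE KEY_FILE
# Returns 0 when the certificate's RSA modulus equals the private key's.
check_keypair() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    k=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_chain CA_FILE CERT_FILE: 0 when CERT_FILE verifies against CA_FILE.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage against the assumed paths from the post (uncomment to run on a host):
# check_client_cert_config "$(cat /etc/ldap/slapd.conf)" "$(cat /etc/ldap/ldap.conf)" \
#     || echo "slapd demands a client cert but ldap.conf has no TLS_CERT/TLS_KEY"
# check_keypair /etc/ldap/cfg/ssl/servercrt.pem /etc/ldap/cfg/ssl/serverkey.pem \
#     || echo "servercrt.pem and serverkey.pem do not match"
# check_chain /etc/ldap/cfg/ssl/cacert.pem /etc/ldap/cfg/ssl/servercrt.pem \
#     || echo "servercrt.pem does not verify against cacert.pem"
```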