[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL/TLS problem

To: Arnaud Fontaine <arnaud@andesi.org>
Subject: Re: SSL/TLS problem
From: "Kirk A. Turner-Rustin" <ktrustin@owu.edu>
Date: Tue, 24 May 2005 08:42:26 -0400 (EDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <874qctv49y.fsf@velma.mini-dweeb.org>
References: <874qctv49y.fsf@velma.mini-dweeb.org>

On Tue, 24 May 2005, Arnaud Fontaine wrote:

[cut]


I added these line to /etc/ldap/slapd.conf :
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
TLSVerifyClient         demand


Above, you are telling slapd to demand a certificate from your
LDAP client and terminate the session immediately if the client
fails to provide one. If this is intended, provide your client with
an appropriate certificate and add an appropriate TLS_CERT option
to your ldap.conf(5). If not intended, you should remove this line.

TLSCACertificateFile    /etc/ldap/cfg/ssl/cacert.pem
TLSCertificateFile      /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile   /etc/ldap/cfg/ssl/serverkey.pem

And these lines to /etc/ldap/ldap.conf :
TLS_CACERT      /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT     demand

[cut]

--
  Kirk Turner-Rustin       | Programmer/Analyst
  Ohio Wesleyan University | Libraries and Information Services
  http://www.owu.edu       | http://lis.owu.edu

References:
- SSL/TLS problem
  - From: Arnaud Fontaine <arnaud@andesi.org>

Prev by Date: Re: Problem with OpenLDAP client tools connecting to Sun Directory Server using STARTTLS
Next by Date: fax matching rule
Index(es):
- Chronological
- Thread