[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS handshake failure

To: openldap-software@openldap.org
Subject: TLS handshake failure
From: Esther Puente <estherpuente@udc.es>
Date: Tue, 18 Sep 2007 13:32:08 +0200
Organization: UDC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I follow the instructions in
http://www.openldap.org/faq/data/cache/185.html and in other
tutorials from the Web for activate TLS and use a CA and I can't get it
works right. The error I obtained is a "Handshake failure".
Somebody can help me?

I paste you my slapd.conf and my ldap.conf:


#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include   /etc/openldap/schema/core.schema
include   /etc/openldap/schema/cosine.schema
include   /etc/openldap/schema/inetorgperson.schema
include   /etc/openldap/schema/nis.schema

pidfile   /var/run/openldap/slapd.pid
argsfile  /var/run/openldap/slapd.args

database  bdb
suffix    "dc=abc,dc=es"
checkpoint  32  30 # <kbyte> <min>
rootdn    "cn=Manager,dc=abc,dc=es"
rootpw    asdhjka
# The database directory MUST exist prior to running slapd AND 
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/openldap-data
# Indices to maintain
index objectClass eq

TLSCACertificateFile /etc/openldap/ssl/cacert.pem
TLSCertificateFile /etc/openldap/ssl/certs/servidorcert.pem
TLSCertificateKeyFile /etc/openldap/ssl/private/servidorkey.pem
TLSVerifyClient demand



#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE  dc=abc,dc=es
URI ldap://localhost ldaps://localhost
PORT 636

TLS_CACERT /etc/openldap/ssl/cacert.pem
TLS_CERT /etc/openldap/ssl/clientecert.pem
TLS_KEY /etc/openldap/ssl/clientekey.pem
TLS_REQCERT demand
- -- 
AVISO: Las opiniones expresadas en este mensaje son estrictamente
personales y no es una posiciÃn oficial de la Universidade da CoruÃa.

AVISO LEGAL: Este mensaje y sus ficheros adjuntos tienen carÃcter
privado y confidencial y van dirigidos exclusivamente a sus
destinatarios. Si ha recibido este mensaje por error, no debe revelarlo,
copiarlo o distribuirlo en ningÃn sentido sin previo consentimiento por
escrito del destinatario. Rogamos lo comunique al remitente y elimine
dicho mensaje y cualquier documento adjunto que pudiera contener. De no
hacerlo asÃ puede vulnerar la legislaciÃn vigente.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7-ecc0.1.6 (GNU/Linux)

iD8DBQFG77c4M/ZbFVfHDjwRArWtAJ0fcj68YMSLOK4yIF+Yts1QFb9arACdHnKw
YADPlfMT51Iny0NhupLqgFY=
=hVor
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: TLS handshake failure
  - From: Michael StrÃder <michael@stroeder.com>

Prev by Date: Re: What is this? It doesn't work...
Next by Date: Re: TLS handshake failure
Index(es):
- Chronological
- Thread