Re: Enabling TLS problem on openldap2-2.3.39

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Friday, November 16, 2007 5:01 PM -0800 "Keagle, Chuck" 
<chuck.keagle@boeing.com> wrote:

> I'm configuring slapd to use TLS.  First I just want to make it work,
> then I'll go into requiring encryption.
>
> The system is SLES 9.3
> The openldap2 is 2.3.39
> Other certifictes are in /etc/ssl/certs as specified by default in
> slapd.conf for openldap2 2.3.39.
>
> The database is currently empty, just getting started.
>
> Generated a self-signed x509 certificate
> 	cd /etc/openldap
> 	openssl genrsa 1024 >server.key
> 	chmod 0440 server.key
> 	chown root:ldap server.key
> 	openssl req -new -key server.key -x509 -days 100 -out server.crt
> 		Entered all the important stuff
> 	chmod 0444 server.crt
>
> Checked certificate and it looked acceptable
> 	openssl x509 -text -in server.crt
>
> Changed following lines in slapd.conf:
> 	TLSCertificateFile /etc/openldap/server.crt
> 	TLSCertificateKeyFile /etc/openldap/server.key


You failed to set the CA Cert directive in slapd.conf, so it has no way of 
presenting its CA cert.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration