[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Enabling TLS problem on openldap2-2.3.39



--On November 19, 2007 10:36:36 AM -0800 "Keagle, Chuck" <chuck.keagle@boeing.com> wrote:

Be default, the SLES 9.3 slapd.conf defines the CA Cert like this:

TLSCACertificatePath /etc/ssl/certs

You didn't include that in your posted configuration, however. Always provide all of the relevant details.

That directory has lots of pem files in it with x509 symbolic links:

ls -C /etc/ssl/certs
Password:
052eae11.0  6f5d9899.0   d4e39186.0         ICE-root.pem    timCA.pem
18d46017.0  73912336.0   ddc328ff.0         ICE-user.pem    tjhCA.pem
1e49180d.0  7651b327.0   dsa-ca.pem         ICP-Brasil.pem  vsign1.pem
1ef89214.0  8c401b31.0   dsa-pca.pem        nortelCA.pem    vsign2.pem
1f6c59cd.0  8caad35e.0   Equifax-root1.pem  pca-cert.pem    vsign3.pem
24867d38.0  91b8190d.0   expired            RegTP-4R.pem    vsignss.pem
2edf7016.0  a99c5886.0   f3e90025.0         RegTP-5R.pem    vsigntca.pem
3ecf89a3.0  adbec561.0   f73e89fd.0         RegTP-6R.pem    YaST-CA.pem
594f1775.0  b5f329fa.0   factory.pem        rsa-cca.pem
69ea794f.0  c33a80d4.0   ICE-CA.pem         thawteCb.pem
6bee6be3.0  ca-cert.pem  ICE.crl            thawteCp.pem

I think CA certs is set up correctly. Am I wrong about that?

As I recall, you said you used a self-signed cert. Is the CA cert that you used to sign it in /etc/ssl/certs? Is there an X509 hash for it in /etc/ssl/certs? If not, then no, it isn't set up correctly.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration