Re: TLS problems with openldap

[LÃVAI DÃniel <leva@ecentrum.hu>]

Dieter Kluenter wrote:
> LÃVAI DÃniel <leva@ecentrum.hu> writes:
>
> > On Monday 27 October 2008 16.36.41 Philip Guenther wrote:
> > > On Mon, 27 Oct 2008, LÃVAI DÃniel wrote:
> > > ...
> [...]
> > > There are two ways to use LDAP with TLS/SSL:
> > > 1) start the connection in cleartext and then use the StartTLS
> > > extended-op to initiate a TLS layer, or
> > > 2) negotiate a TLS/SSL layer immediately after connecting.
> > Alright, understood! Thanks!
> >
> > > The former is requested using the "ldap://"; schema with the -Z option
> > > and is normally run on port 389.  The latter is requested using the
> > > "ldaps://" schema and is normally run on port 636.  These are
> > > distinct protocols: the client and server have to be talking the same
> > > one or it just won't work.
> [...]
>
> > With both ldapsearch(1) commands, I've been asked for my password, and I 
> > typed something bogus intentionally, in the hope of getting the invalid 
> > credentials message, but unfortunatelly, I didn't get it.
>
> This sounds as if you have not removed the private part from the key,
> see man rsa(1), pkcs8(1).
> How did you create the certificates?

I have the key and cert in two distinct files.
I've created a certificate signing request, sent it to the CA, it signed 
it, and then sent it back. Now I have the signed certificate, and CA's 
certificate.

Daniel

--
LEVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1