Re: can't use godaddy SSL cert
On Thu, 25 Nov 2010, bluethundr wrote:
> Hey list,
>
> I was having a similar SSL/OpenLDAP problem to this last week. I had
> a chance to look at this again today and it still appears to not be
> working. I called GoDaddy and had the last cert cancelled and reissued
> as I had mis-typed the name of the CN on the last one.
>
> I am trying to set up a GoDaddy turbo SSL certificate with an OpenLDAP
> 2.4 server under FreeBSD 8.1.
>
> [root@LBSD2:/usr/home/bluethundr]#pkg_info | grep openldap
> openldap-sasl-client-2.4.23 Open source LDAP client implementation
> with SASL2 support
> openldap-sasl-server-2.4.23 Open source LDAP server implementation
>
I bet you had better check the filenames and permissions of the cacert,
client cert, and key file, and the certification chain. When using openssl
s_client, provide the full path to the certificate file. The CA certificate,
certification chain, key file and client certificate are, as you know,
different things. Also check the default client cert location in
/etc/ldap/ldap.conf and the server cert in slapd.conf, etc. (man 5
ldap.conf). Also investigate the TLS_REQCERT option and the subject of the
certificate's key file's password. And probably, if interested, CRL usage
and purpose.
I must admit I didn't read your post with appropriate attention, but,
regarding the mis-type you mentioned, I bet it's related to permissions
and default file locations.
Regards,
DT
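
The file-level checks suggested in the reply above, as an added example that is not part of the original thread: it tests readability, key permissions, cert/key pairing, chain verification and hostname coverage with the openssl CLI. The function names are hypothetical, the four arguments are whatever paths slapd.conf's TLSCACertificateFile, TLSCertificateFile and TLSCertificateKeyFile point at plus the server's hostname, and -checkhost assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: offline checks for the TLS files slapd is configured to use.
# All paths and the hostname are caller-supplied arguments (assumptions).

# File exists and is readable by the current user; run this as the account
# slapd runs under to test what slapd itself will be able to open.
check_readable() { [ -f "$1" ] && [ -r "$1" ]; }

# The private key must carry no permission bits for "other".
key_not_world_accessible() { [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]; }

# Certificate and key belong together when their public keys are identical.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Server certificate verifies against the CA bundle (root plus intermediates).
# The output is matched rather than the exit code, which old releases got wrong.
chain_verifies() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Certificate names (SAN, or CN when no SAN is present) cover the hostname.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Run every check, print each result, return the number of failed checks.
# usage: check_slapd_tls CA_BUNDLE CERT KEY HOSTNAME
check_slapd_tls() {
    fails=0
    report() { if "$@"; then echo "ok    $*"; else echo "FAIL  $*"; fails=$((fails + 1)); fi; }
    report check_readable "$1"
    report check_readable "$2"
    report check_readable "$3"
    report key_not_world_accessible "$3"
    report cert_matches_key "$2" "$3"
    report chain_verifies "$1" "$2"
    report cert_covers_host "$2" "$4"
    return "$fails"
}

if [ "$#" -eq 4 ]; then check_slapd_tls "$@"; fi
```

A clean run here only shows the files are consistent on disk; the live handshake still needs the openssl s_client test against the running server.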