[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: can't use godaddy SSL cert



On Thu, 25 Nov 2010, bluethundr wrote:

> Hey list,
> 
>  I was having a similar SSL/openLDAP problem to this last week. I had
> a chance to look at this again today and it still appears to not be
> working. I called godaddy and had the last cert cancelled and reissued
> as I had mis-typed the name of the CN on the last one.
> 
>  I am trying to setup a Godaddy turbo SSL certificate with an openLDAP
> 2.4 server under FreeBSD 8.1.
> 
> [root@LBSD2:/usr/home/bluethundr]#pkg_info | grep openldap
> openldap-sasl-client-2.4.23 Open source LDAP client implementation
> with SASL2 support
> openldap-sasl-server-2.4.23 Open source LDAP server implementation
> 

I bet you better check filenames, and permissions of cacert, client cert,
and key file. And certification chain. using openssl s_client provide full 
path to certificate file. CA Certificate, certification chain, keyfile and 
client certificate are, as you know, different things, also check default 
client cert location in /etc/ldap/ldap.conf and server cert in slapd.conf,
etc. ( man 5 ldap.conf ). Also investigate TLS_REQCERT option, subject of 
certificate's key file's password. And probably, if interested, CRL usage 
and purpose.. 
I must admit I didn't read your post with appropriate attention, but, 
regarding mis-type you mentioned, I bet it's permissions and default 
file locations related.

Regards,
DT