[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SSL/TLS issue
Aaron,
1 - I made change as you indicated to ldap.conf to point to the cacert file "TLS_CACERT /opt/local/etc/openldap/cacert.pem"
2 - Sorry it was a typo
3- the output ls -ld " -rw-r--r-- 1 root root 3213 Oct 11 09:38 /opt/local/etc/openldap/cacert.pem"
Thanks,
Aziz
-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu]
Sent: Monday, October 15, 2012 1:11 PM
To: Darouichi, Aziz
Cc: openldap-technical@openldap.org
Subject: RE: SSL/TLS issue
On Mon, 15 Oct 2012, Darouichi, Aziz wrote:
> This is the link I followed to create the CA and sigh it
> http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#7.0
Did you read the "Note" at the top of that paper? Worth considering...
> if I run cert check from client using the following
> openssl s_client -connect ldap-ssl.curry.edu:636 -CApath /opt/local/etc/openldap/cacert.pem
1. Again, did you really make a directory named "caert.pem"? Because if
that's a file, I believe that should be -CAfile instead. (Same as I said
that your TLS_CACERTDIR should probably be a TLS_CACERT ldap.conf
directive.)
2. In your previous example it was "cacert.pem" but now I see "caert.pem".
Whatever's actually on your filesystem -- make sure that you're using it,
typo-free. It's unlikely that they're both correct.
Providing us the output of:
"ls -ld /opt/local/etc/openldap/caert.pem /opt/local/etc/openldap/cacert.pem"
might be helpful if this isn't clear.