Re: Openldap-2.4.35 TLS/SSl

To: "Darouichi, Aziz" <adarouic@post03.curry.edu>

Subject: Re: Openldap-2.4.35 TLS/SSl

From: Vishesh kumar <linuxtovishesh@gmail.com>

Date: Sat, 29 Jun 2013 01:23:55 +0530

Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3yrvO/cQwspYuVroPhAwVAvpfbtBcqqq85C+tUp1JQY=; b=YeiVbSCCx3AiCkMd9Ob8xCggI9vXd3VFQU4hzNrUC2gtXGOibU9F/qmAarg2nCU4En vg161rPdVK2+AEbZLV30rJULRMXkWbtLmPxeqquZosnWsebGRB9uk2OitzmzCDkn2PJ7 o4ittdMPu831RFzxC/8HidQJSyrav+P/HS/4yaK2BsW8GbPEoT9ETDeOtxQDkjnAqMRa u2H2iyYz08ypXrwW8B0v0mYEDwufziptKN33jJBhpm//5nNFohRV3NX/hb9qX+zsZpTJ 8u8sbD3a+aeG8RsSFJxfdT+47YwAIEXx47Wb/VD+p6qCChQOA2kxbn0zgTnluzz6r/Oq rEYA==

In-reply-to: <2398337E30371A47B556742B49C7805B644A61BA3B@EXCCRMBX01.Currynet.local>

References: <2398337E30371A47B556742B49C7805B644A61BA3B@EXCCRMBX01.Currynet.local>

Do the Certificate CN matching to servername ?

Thanks

On Sat, Jun 29, 2013 at 12:31 AM, Darouichi, Aziz <adarouic@post03.curry.edu> wrote:

Hi,

I am trying to configure TLS/SSL and I have a Cert from Geotrust . I configure slapd.conf with the followings:

# TLS/SSL information

# TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /opt/local/etc/openldap/GeoTrust_Global_CA.cer

TLSCertificateFile /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile /opt/local/etc/openldap/rhea.key.pem

But when I check the cert using “openssl s_client -connect 192.168.60.43:636 -CApath /opt/local/etc/openldap/” I get

CONNECTED(00000003)
140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---

no peer certificate available
---
No client certificate CA names sent
---

SSL handshake has read 0 bytes and written 321 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

I checked the log I see TLS connection

--
http://linuxmantra.com

References:

Openldap-2.4.35 TLS/SSl
- From: "Darouichi, Aziz" <adarouic@post03.curry.edu>