On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan <vijay@thoughtspot.com> wrote:
For SSL, I'm trying to install a self-signed certificate to OpenLDAP (version 2.4.28 on Ubuntu 12.04). Followed the following steps:1. Created server certificate using:openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3652. Added following entries to /usr/share/slapd/slapd.conf:TLSCACertificateFile server.pemTLSCertificateFile server.pemTLSCertificateKeyFile server.pem3. Restarted openldap:sudo /etc/init.d/slapd restart4. Tried to read the certs:openssl s_client -connect localhost:636 -showcertsThis causes the following error:CONNECTED(00000003)140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:---no peer certificate available---No client certificate CA names sent---SSL handshake has read 0 bytes and written 213 bytes---New, (NONE), Cipher is (NONE)Secure Renegotiation IS NOT supportedCompression: NONEExpansion: NONE---Can someone help with what might be wrong in the setup?Thanks--- Vijay
- Vijay