Nathan Huesken wrote:
Hello together,

I am trying to enable TLS on my ldap server. I executed:
openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ldap-key.pem -days 999999

and added:
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLSVerifyClient demand

to my slapd.conf.
To my ldap.conf, I added:
TLS_CERT     /etc/ssl/ldap.pem
TLS_KEY      /etc/openldap/ldap-key.pem
TLS_REQCERT     allow

Re-read ldap.conf(5).

and tried
ldapsearch -x -b 'cn=Manager,dc=lonely-star,dc=org' '(objectclass=*)' -ZZ
to test it.

The result is:
ldap_start_tls: Connect error (-11)
                additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Any suggestions as to what the problem could be?

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
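The reply points at ldap.conf(5), which marks TLS_CERT and TLS_KEY as user-only options (honoured in ~/.ldaprc, not in the system-wide ldap.conf), while slapd.conf(5) says TLSVerifyClient demand rejects any client that cannot present a verifiable certificate. The following lint is an added example, not code from the thread or from OpenLDAP; it checks constructed copies of the posted settings for those pitfalls, plus the missing TLS_CACERT and the weak TLS_REQCERT.

```python
"""Lint slapd.conf and ldap.conf TLS settings for the pitfalls in this thread.

Added example, not OpenLDAP code. Per ldap.conf(5), TLS_CERT/TLS_KEY are
user-only options honoured only in ~/.ldaprc; per slapd.conf(5), TLSVerifyClient
demand rejects a client with no certificate, or one slapd cannot verify against
TLSCACertificateFile/Path. TLS_REQCERT defaults to demand. Samples are constructed.
"""

def _parse(text):
    """Return {KEYWORD: value}; keywords are case-insensitive, '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def lint_ldap_tls(slapd_conf, ldap_conf, ldap_conf_is_user_rc=False):
    """Return [(code, message), ...]; an empty list means nothing flagged."""
    s, c = _parse(slapd_conf), _parse(ldap_conf)
    out = []
    if not ldap_conf_is_user_rc:
        for key in ("TLS_CERT", "TLS_KEY"):
            if key in c:
                out.append((f"{key}_IGNORED", f"{key} is user-only: ignored in system-wide ldap.conf, put it in ~/.ldaprc"))
    client_cert_ok = ldap_conf_is_user_rc and "TLS_CERT" in c and "TLS_KEY" in c
    if s.get("TLSVERIFYCLIENT", "never").lower() == "demand":
        if not client_cert_ok:
            out.append(("NO_CLIENT_CERT", "TLSVerifyClient demand but the client presents no certificate: handshake rejected"))
        if "TLSCACERTIFICATEFILE" not in s and "TLSCACERTIFICATEPATH" not in s:
            out.append(("NO_SERVER_CA", "TLSVerifyClient demand but slapd has no CA to verify client certificates"))
    if "TLS_CACERT" not in c and "TLS_CACERTDIR" not in c:
        out.append(("NO_CLIENT_CA", "no TLS_CACERT/TLS_CACERTDIR: client cannot verify the server certificate"))
    if c.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        out.append(("WEAK_REQCERT", "TLS_REQCERT allow/never tolerates a bad or missing server certificate"))
    return out

# Constructed sample: the settings posted in the thread.
SLAPD_CONF = """\
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLSVerifyClient demand
"""
LDAP_CONF = """\
TLS_CERT     /etc/ssl/ldap.pem
TLS_KEY      /etc/openldap/ldap-key.pem
TLS_REQCERT     allow
"""
```

Running `lint_ldap_tls(SLAPD_CONF, LDAP_CONF)` on the posted settings reports six findings; moving TLS_CERT/TLS_KEY into ~/.ldaprc with a TLS_CACERT and TLS_REQCERT demand, and giving slapd a TLSCACertificateFile, reports none.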
