You have a self-signed certificate, so you don't need to verify your
certificate.
When you activate TLS on LDAP, you only need these two lines, and you
don't need the line with certificate verification (olcTLSCACertificateFile):

# One modify operation, so slapd receives the certificate and key together
dn: cn=config
changetype: modify
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/myKey/{name_of_your_server}_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/myKey/{name_of_your_server}_slapd_key.pem


On Mon, Dec 12, 2011 at 12:31 PM, Jayavant Patil <[email protected]> wrote:

>
> Hi,
>
> >On Mon, Dec 12, 2011 at 4:19 PM, reyman <[email protected]> wrote:
>
>> >With the option -ZZ I think, try this
>>
>> >ldapsearch -x -LLL -ZZ -d 150
>
>
> Yeah, it shows output containing ber_dump, ldap_write, ldap_read,
> tls_write, tls_read etc. But at the end it shows the following:
>
> TLS certificate verification: Error, self signed certificate
> TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_
> CERTIFICATE:certificate verify failed (self signed certificate).
> ldap_start_tls: Connect error (-11)
>     additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed
> certificate)
>
> Why does it show an error, and how do I resolve this?
>
> And when I run ldapsearch with the -ZZ option it gives an error:
>
> $ldapsearch -x -v  -D "cn=root,dc=abc,dc=com" -w cluster -b
> "ou=People,dc=abc,dc=com" "uid=ldap_6" -h n0 -ZZ
> ldap_initialize( ldap://n0 )
> ldap_start_tls: Connect error (-11)
>     additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
>
>>
>> >On Mon, Dec 12, 2011 at 11:21 AM, Jayavant Patil <
>> [email protected]> wrote:
>>
>>> >>Hi,
>>>
>>> >>  I am using openldap-2.4.19-4.x86_64 on fedora 12 machine. I have
>>> enabled openldap SSL/TLS. How do I know (test) that I am using SSL/TLS
>>> connections instead of normal ldap:///?
>>>
>>> --
>>>
>>> Thanks & Regards,
>>> Jayavant Ningoji Patil
>>> Engineer: System Software
>>> Computational Research Laboratories Ltd.
>>> Pune-411 004.
>>> Maharashtra, India.
>>> +91 9923536030.
>>>
>>>
>>
>>
>> --
>> <http://stackoverflow.com/users/385881/reyman64>
>>
>>
>
>
> --
>
> Thanks & Regards,
> Jayavant Ningoji Patil
> Engineer: System Software
> Computational Research Laboratories Ltd.
> Pune-411 004.
> Maharashtra, India.
> +91 9923536030.
>
>


-- 
<http://stackoverflow.com/users/385881/reyman64>
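
Added example, not part of the original thread and not any poster's code: the "self signed certificate" error quoted above is raised by the client, and one way to clear it without switching verification off is to pin the server's self-signed certificate as the client's only trusted CA. The function names and file paths are hypothetical; it assumes the public certificate (never the key) has been copied to the client and that the host name used matches the name in the certificate.

```shell
#!/bin/sh
# Added example: per-client trust for one self-signed slapd certificate.

# write_client_tls_conf CERT CONF
# Writes an ldap.conf that trusts only CERT and keeps verification mandatory.
# Returns 1 if CERT is unreadable, 2 if it holds a private key, 3 if not PEM.
write_client_tls_conf() {
    cert=$1
    conf=$2
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # Only the public certificate should ever leave the server.
    if grep -q -e 'PRIVATE KEY-----' "$cert"; then
        echo "$cert contains a private key; copy only the certificate" >&2
        return 2
    fi
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "$cert is not a PEM certificate" >&2
        return 3
    }
    {
        # A self-signed certificate is its own issuer, so it doubles as the CA file.
        echo "TLS_CACERT $cert"
        # "demand" is the client default; stated explicitly so nobody
        # "fixes" the error later by weakening it to "never" or "allow".
        echo "TLS_REQCERT demand"
    } > "$conf"
}

# starttls_check HOST BASE CONF
# Anonymous base-scope search over StartTLS. With -ZZ the command fails
# instead of continuing in cleartext when the TLS handshake does not succeed,
# so exit status 0 means the session really was encrypted and verified.
starttls_check() {
    LDAPCONF=$3 ldapsearch -x -LLL -ZZ -H "ldap://$1" -b "$2" -s base dn
}

# Typical use on the client (paths and names are placeholders):
#   write_client_tls_conf /etc/openldap/cacerts/slapd_cert.pem "$HOME/ldap-tls.conf"
#   starttls_check n0 "dc=abc,dc=com" "$HOME/ldap-tls.conf"
```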
