: Yes indeedie, sir. You were right about requiring the passphrase. I'm 1 for 1... let's see whether I can score 2. ;)
: "starting ldap:", I type in the passphrase, and off we go. With the command
: "slapd -u ldap -d 255", I'm prompted for the passphrase. Many thanks!

Some tools let you put the passphrase in a config file. I'm not sure about OpenLDAP. For others, you're SOL and you have to remove the passphrase from the key if you want automated service restarts. It's a tradeoff between that extra layer of security and the reality that babysitting restarts is typically a no-go...

: One more question, if I may: when I view the certificate in my browser, it
: shows that the cert. was issued to localhost.localdomain by
: localhost.localdomain. Of course, in creating both the CA and the
: certificate, I plugged in my company-specific information. I would expect to
: see this in the cert. Why am I not? How do I get my certificate to show?

Are you pointing your web browser to the ldaps port in the URL?

https://your_ldap_server:636
                         ^^^ this is key

If you have an SSL webserver running on that host, using a different cert, you'll get the webserver's cert (because your browser defaults to port 443, for https) and not your ldap cert.

Otherwise, it's back to "slapd -d 255" -- note the file that it's loading for a cert and run that through

    openssl x509 -text -in ldap_cert_file

to confirm your entries.

-QM

--
www.brandxdev.net
C++ / Java / SSL
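
The check described in the reply, as an added example that is not part of the original message: it pulls the certificate a given port presents and compares it with the file slapd loads, so a web server's cert on 443 is not mistaken for the LDAP cert on 636. The function names are hypothetical, and `your_ldap_server` and `ldap_cert_file` are the placeholders used in the message.

```shell
#!/bin/sh
# Added example: compare the certificate a TLS port presents with the one
# slapd is configured to load. Function names are hypothetical; host and
# file names are placeholders.

# Print the leaf certificate (PEM) that host:port presents.
fetch_cert() {  # usage: fetch_cert HOST PORT
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print one field (subject or issuer) of a PEM file, without its label.
cert_field() {  # usage: cert_field subject|issuer FILE
    openssl x509 -noout "-$1" -in "$2" | sed "s/^$1= *//"
}

# SHA-256 fingerprint, used to tell whether two files hold the same cert.
cert_fp() {  # usage: cert_fp FILE
    openssl x509 -noout -fingerprint -sha256 -in "$1" | sed 's/^.*=//'
}

# Succeeds when subject and issuer are identical (self-issued), the pattern
# in "issued to localhost.localdomain by localhost.localdomain".
is_self_issued() {  # usage: is_self_issued FILE
    [ "$(cert_field subject "$1")" = "$(cert_field issuer "$1")" ]
}

# Succeeds when two PEM files hold the same certificate.
same_cert() {  # usage: same_cert FILE_A FILE_B
    [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]
}

# Report what a port serves and whether it matches the expected cert file.
check_port() {  # usage: check_port HOST PORT EXPECTED_PEM
    tmp=$(mktemp) || return 2
    fetch_cert "$1" "$2" >"$tmp" || { rm -f "$tmp"; return 2; }
    echo "$1:$2 subject: $(cert_field subject "$tmp")"
    echo "$1:$2 issuer:  $(cert_field issuer "$tmp")"
    if is_self_issued "$tmp"; then echo "  note: self-issued certificate"; fi
    if same_cert "$tmp" "$3"; then rc=0; echo "  matches $3"
    else rc=1; echo "  DIFFERENT from $3"; fi
    rm -f "$tmp"
    return $rc
}

# Example run (placeholder names):
#   check_port your_ldap_server 636 ldap_cert_file
#   check_port your_ldap_server 443 ldap_cert_file
```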