Hi Thorsten,
Thorsten Kampe wrote:
> * Kiran Ayyagari (Sun, 12 Jul 2009 12:47:15 +0530)
>>> I'm trying to bind to ApacheDS 1.5.4 via TLS with Python-LDAP. For
>>> that ("OPT_X_TLS_CACERTFILE") I need the "X.509 certificate of the
>>> CA that certified the LDAP server's public key".
>>>
>>> Where or how can I get that key?
>> The certificate and the key pair data is stored in the admin entry
>> with DN uid=admin,ou=system
>>
>> P.S:- You can use Apache Directory Studio to extract the required
>> information.
>
> Thanks for the response. Could you elaborate? I tried to get the
> certificate with LDAP Admin, Softerra LDAP Browser and LDAPSoft's LDAP
> Browser but I was not able to establish a TLS connection with those
> certificate(s) (while it worked to Active Directory and eDirectory).
>
> Do I have to export publicKey, privateKey or userCertificate? How can I
> export that with Apache Directory Studio?
The certificate of a default ApacheDS installation is self-signed (thus
its own CA certificate) and stored in userCertificate attribute of
uid=admin,ou=system. You could just save the value (Using Studio or any
other tool):
- Go to uid=admin,ou=system
- In the Entry Editor, edit the userCertificate attribute, this should
open the "Hex Editor" (in Studio 1.5 there will be a certificate
viewer/editor and certificate validation, btw)
- Use the "Save" button in the opened dialog and save it to disk
- The certificate is stored in DER format.
Please see additionally [1] for more information on the SSL/StartTLS
configuration and certificate handling. The page is not up-to-date, but
most information is still valid.
Kind Regards,
Stefan
[1] http://directory.apache.org/apacheds/1.5/33-how-to-enable-ssl.html
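
Added example (not part of the original thread): the saved userCertificate value is DER, while a libldap built against OpenSSL (assumed here) loads OPT_X_TLS_CACERTFILE as PEM, so this sketch checks that the saved file is a complete DER object, converts it to PEM, and uses it for a StartTLS bind with python-ldap. The function names and the file names in the comments are hypothetical.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_total_length(der: bytes) -> int:
    """Return the encoded size of the outer ASN.1 SEQUENCE, header included."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (a certificate starts with 0x30)")
    if der[1] < 0x80:                       # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def to_pem(data: bytes) -> str:
    """Accept the saved attribute value (DER, or already PEM) and return PEM."""
    text = data.strip()
    if text.startswith(PEM_HEADER):
        data = ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if der_total_length(data) != len(data):
        raise ValueError("file is truncated or has trailing bytes")
    return ssl.DER_cert_to_PEM_cert(data)

def fingerprint(data: bytes) -> str:
    """SHA-256 of the DER bytes, to compare with the value a certificate viewer shows."""
    der = ssl.PEM_cert_to_DER_cert(to_pem(data))
    return hashlib.sha256(der).hexdigest()

def starttls_bind(uri, ca_pem_path, bind_dn, password):
    """StartTLS + simple bind with python-ldap, trusting only ca_pem_path."""
    import ldap                              # python-ldap, imported lazily
    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_pem_path)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)    # new TLS context with the options above
    conn.start_tls_s()
    conn.simple_bind_s(bind_dn, password)
    return conn

if __name__ == "__main__":
    import sys
    src, dst = sys.argv[1], sys.argv[2]      # e.g. admin-cert.der ca.pem (hypothetical names)
    with open(src, "rb") as f:
        raw = f.read()
    with open(dst, "w") as f:
        f.write(to_pem(raw))
    print("sha256:", fingerprint(raw))
```

Keeping OPT_X_TLS_REQUIRE_CERT at DEMAND means the bind fails if the server presents anything other than a certificate that validates against the exported file.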