Matthias, no problem at all ...

Please refer to this post of Stefan as I had the same issue earlier this year:

> -------------------------------------------------------------------------------------

 Further, I would like to use our self-signed and later "trusted" SSL
 certificate for the SSL communication, but the web page doc and the
 current config are different:

  From the web page:

  <ldapService id="ldapsService"
              enabled="true"
              tcpPort="10636"
              enableLdaps="true"
              nbTcpThreads="8"
              keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
              certificatePassword="secret">
    <directoryService>#directoryService</directoryService>
  </ldapService>


  From what I see in our config:

 <ldapServer id="ldapServer"
            allowAnonymousAccess="false"
            saslHost="ldap.netsuccess.ch"
            saslPrincipal="ldap/[email protected]"
            searchBaseDn="ou=users,ou=system"
            maxTimeLimit="15000"
            maxSizeLimit="1000">
    <transports>
      <tcpTransport address="0.0.0.0" port="389" nbThreads="8" backLog="50" enableSSL="false"/>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
    </transports>

    <directoryService>#directoryService</directoryService>

  </ldapServer>


 This appears quite different, as some of the attributes in the sample
 config ended up in the <tcpTransport>
 definition ... where should the keystore definition go?

Yes, this has been changed from 1.5.4 to 1.5.5. The right place should
be the 'ldapServer' element:

<ldapServer id="ldapServer"
           keystoreFile="..."
           certificatePassword="secret"
           allowAnonymousAccess="false"
           saslHost="ldap.netsuccess.ch"
           saslPrincipal="ldap/[email protected]"
           searchBaseDn="ou=users,ou=system"
           maxTimeLimit="15000"
           maxSizeLimit="1000">

 
-------------------------------------------------------------------------------------



Best regards

Beat


On 06.01.2010 10:44 AM, Matthias Cramer wrote:
Hi Beat

I'm using 1.5.5

Sorry for not mentioning it.

Regards

   Matthias

Beat Burgener | NetSuccess GmbH wrote:
Matthias

Which version of Apache DS do you use?

Beat

On 06.01.2010 10:32 AM, Matthias Cramer wrote:
Hi

I'm fairly new to Apache DS but managed to get everything working the way
I like until now. I've generated a new SSL cert and configured it in
server.xml so that it works for normal SSL ldaps connections.
But when I do StartTLS, the default certificate that came with the
package still gets used. How do I replace this one? I did not find anything
on the website, and Google was of no help either.

Any hint is appreciated.

Regards

    Matthias
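
The placement described in the thread (keystoreFile and certificatePassword on the ldapServer element for 1.5.5, not on ldapService or a tcpTransport) can be checked against a server.xml before restarting the server. This is an added example, not part of the original thread or of ApacheDS; the function names, the `<beans>` wrapper, the keystore file name and the password in the samples are constructed placeholders.

```python
import xml.etree.ElementTree as ET

KEYSTORE_ATTRS = ("keystoreFile", "certificatePassword")

# Constructed sample: keystore attributes left on a transport element.
SAMPLE_MISPLACED = """<beans>
  <ldapServer id="ldapServer">
    <transports>
      <tcpTransport address="0.0.0.0" port="389" enableSSL="false"/>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"
                    keystoreFile="example.ks" certificatePassword="example-password"/>
    </transports>
  </ldapServer>
</beans>"""

# Constructed sample: the placement given in the thread for 1.5.5.
SAMPLE_OK = """<beans>
  <ldapServer id="ldapServer" keystoreFile="example.ks"
              certificatePassword="example-password">
    <transports>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
    </transports>
  </ldapServer>
</beans>"""

def local_name(tag):
    """Drop a '{namespace}' prefix so namespaced config files also match."""
    return tag.rsplit("}", 1)[-1]

def audit_keystore_placement(xml_text):
    """Return findings about where the keystore attributes are declared."""
    root = ET.fromstring(xml_text)
    findings = []
    servers = [e for e in root.iter() if local_name(e.tag) == "ldapServer"]
    if not servers:
        findings.append("no ldapServer element found")
    for el in root.iter():
        name = local_name(el.tag)
        misplaced = [a for a in KEYSTORE_ATTRS if a in el.attrib]
        if misplaced and name != "ldapServer":
            findings.append(f"{name}: {', '.join(misplaced)} belongs on ldapServer")
    for srv in servers:
        missing = [a for a in KEYSTORE_ATTRS if a not in srv.attrib]
        if missing:
            findings.append(f"ldapServer: {', '.join(missing)} not set")
    return findings

if __name__ == "__main__":
    print(audit_keystore_placement(SAMPLE_MISPLACED))
```

An empty list means both attributes sit on ldapServer and nowhere else; it says nothing about whether the keystore file itself is readable or holds the intended certificate.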


