Hi Beat

I have it exactly that way. And ldaps works well, but starttls still uses the old cert.

Regards

Matthias

Beat Burgener | NetSuccess GmbH wrote:
> Matthias, no problem at all ...
>
> Please refer to this post of Stefan as I had the same issue earlier this
> year:
>
>> -------------------------------------------------------------------------------------
>>
>> Further, I would like to use our self-signed and later "trusted" SSL
>> certificate for the SSL communication, but the web page doc and the
>> current config are different:
>>
>> From the web page:
>>
>>   <ldapService id="ldapsService"
>>                enabled="true"
>>                tcpPort="10636"
>>                enableLdaps="true"
>>                nbTcpThreads="8"
>>                keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
>>                certificatePassword="secret">
>>     <directoryService>#directoryService</directoryService>
>>   </ldapService>
>>
>> From what I see in our config:
>>
>>   <ldapServer id="ldapServer"
>>               allowAnonymousAccess="false"
>>               saslHost="ldap.netsuccess.ch"
>>               saslPrincipal="ldap/[email protected]"
>>               searchBaseDn="ou=users,ou=system"
>>               maxTimeLimit="15000"
>>               maxSizeLimit="1000">
>>     <transports>
>>       <tcpTransport address="0.0.0.0" port="389" nbThreads="8"
>>                     backLog="50" enableSSL="false"/>
>>       <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
>>     </transports>
>>
>>     <directoryService>#directoryService</directoryService>
>>
>>   </ldapServer>
>>
>> This appears quite different, as some of the attributes in the sample
>> config ended up in the <tcpTransport> definition ... where should the
>> keystore definition go?
>
> Yes, this has been changed from 1.5.4 to 1.5.5. The right place should
> be the 'ldapServer' element:
>
>   <ldapServer id="ldapServer"
>               keystoreFile="..."
>               certificatePassword="secret"
>               allowAnonymousAccess="false"
>               saslHost="ldap.netsuccess.ch"
>               saslPrincipal="ldap/[email protected]"
>               searchBaseDn="ou=users,ou=system"
>               maxTimeLimit="15000"
>               maxSizeLimit="1000">
>
>> -------------------------------------------------------------------------------------
>
> Best regards
>
> Beat
>
> On 06.01.2010 10:44 AM, Matthias Cramer wrote:
>> Hi Beat
>>
>> I'm using 1.5.5
>>
>> Sorry for not mentioning it.
>>
>> Regards
>>
>> Matthias
>>
>> Beat Burgener | NetSuccess GmbH wrote:
>>
>>> Matthias
>>>
>>> Which version of Apache DS do you use?
>>>
>>> Beat
>>>
>>> On 06.01.2010 10:32 AM, Matthias Cramer wrote:
>>>
>>>> Hi
>>>>
>>>> I'm fairly new to Apache DS but managed to get all working what I like
>>>> till now. I've generated a new SSL cert and configured it into
>>>> server.xml so that it works for normal SSL ldaps connections.
>>>> But when I do starttls, still the default certificate that came with the
>>>> package gets used. How do I replace this one? I did not find anything
>>>> on the website and google was of no help too.
>>>>
>>>> Any hint is appreciated.
>>>>
>>>> Regards
>>>>
>>>> Matthias

--
Matthias Cramer / mc322-ripe
Senior Network & Security Engineer
iway AG                 Phone +41 43 500 1111
Josefstrasse 225        Fax   +41 44 271 3535
CH-8005 Zürich          http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250
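An added configuration check, not from this thread and not part of ApacheDS, that lints a 1.5.5-style server.xml fragment for the keystore placement Beat describes (keystoreFile and certificatePassword on the ldapServer element, not on tcpTransport). The two XML samples are constructed from the fragments quoted above and the keystore path is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the 1.5.5 server.xml fragment quoted in the thread:
# SSL is enabled on port 636, but no keystore is configured anywhere.
SERVER_XML_BEFORE = """<ldapServer id="ldapServer" allowAnonymousAccess="false"
            searchBaseDn="ou=users,ou=system">
  <transports>
    <tcpTransport address="0.0.0.0" port="389" nbThreads="8" enableSSL="false"/>
    <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
  </transports>
</ldapServer>"""

# Same fragment with the keystore attributes on <ldapServer>, where Beat's reply
# puts them for 1.5.5 (the keystore path is a placeholder, not a real file).
SERVER_XML_AFTER = SERVER_XML_BEFORE.replace(
    '<ldapServer id="ldapServer"',
    '<ldapServer id="ldapServer" keystoreFile="/path/to/placeholder.ks"'
    ' certificatePassword="secret"')

def _local(tag):
    """Drop a namespace prefix so the check also works on a Spring-style server.xml."""
    return tag.rsplit('}', 1)[-1]

def check_keystore_placement(xml_text):
    """Return a list of findings; an empty list means the keystore is where 1.5.5 expects it."""
    root = ET.fromstring(xml_text)
    servers = [e for e in root.iter() if _local(e.tag) == 'ldapServer']
    if not servers:
        return ['no <ldapServer> element found (1.5.4 used <ldapService>; the attributes differ)']
    findings = []
    for srv in servers:
        transports = [t for t in srv.iter() if _local(t.tag) == 'tcpTransport']
        ssl_ports = [t.get('port') for t in transports if t.get('enableSSL') == 'true']
        if ssl_ports and not srv.get('keystoreFile'):
            findings.append('enableSSL on port(s) %s but no keystoreFile on <ldapServer>: '
                            'the bundled default certificate will be served' % ','.join(ssl_ports))
        if srv.get('keystoreFile') and not srv.get('certificatePassword'):
            findings.append('keystoreFile set on <ldapServer> without certificatePassword')
        for t in transports:
            if t.get('keystoreFile'):
                findings.append('keystoreFile on <tcpTransport> port %s; in 1.5.5 it belongs '
                                'on <ldapServer>' % t.get('port'))
    return findings

if __name__ == '__main__':
    for name, xml in (('before', SERVER_XML_BEFORE), ('after', SERVER_XML_AFTER)):
        print(name, check_keystore_placement(xml) or 'OK')
```

The check only covers attribute placement; it says nothing about which certificate a running server actually presents on a StartTLS connection, which is the part of the question the thread leaves open.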
