Hi Matthias,

Matthias Cramer wrote:

As it looks like, the starttls extension does not honor the keystore
configured in the ldapServer config.

Yes, you are right. I just checked the source code and the configured keystore in server.xml isn't used for the StartTLS extended operation :-/

You can find the certificate and key that are used in the admin entry (uid=admin,ou=system):

dn: uid=admin,ou=system
keyAlgorithm: RSA
privateKey:: ...
privateKeyFormat: PKCS#8
publicKey:: ...
publicKeyFormat: X.509
userCertificate:: ...
...

What you need to do is extract the private key, public key and certificate from your keystore and replace the attributes privateKey, publicKey and userCertificate with those guys. You could use Portecle and OpenSSL to extract that information. If you need further help, don't hesitate to ask.

Not very user friendly right now...

Kind Regards,
Stefan
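The extraction steps above, as a script. This is an added example, not code from the thread or from ApacheDS: it takes a PKCS#12 keystore (a JKS can be converted first with keytool), pulls out the three values with OpenSSL in the formats the admin entry declares (privateKeyFormat PKCS#8, publicKeyFormat X.509, userCertificate as DER), and writes an LDIF modify for uid=admin,ou=system. The file names, the `changeit` password, the `ldap` alias and the output directory are assumptions.

```shell
#!/bin/sh
# Extract the StartTLS credentials ApacheDS reads from uid=admin,ou=system
# (privateKey as PKCS#8 DER, publicKey as X.509 SubjectPublicKeyInfo DER,
# userCertificate as X.509 DER) from a keystore and write an LDIF that
# replaces those three attributes.  Added example; not part of the original
# thread or of ApacheDS.  File names and passwords below are assumptions.
set -eu

# Convert a JKS keystore to PKCS#12 so OpenSSL can read it (needs keytool).
# Assumes the store password and the key password are the same.
jks_to_p12() {
    jks="$1"; pass="$2"; p12="$3"
    keytool -importkeystore -srckeystore "$jks" -srcstorepass "$pass" \
        -destkeystore "$p12" -deststoretype PKCS12 -deststorepass "$pass"
}

# Print "attr:: <base64 of file>", folded the LDIF way: continuation
# lines start with a single space.
ldif_b64() {
    attr="$1"; file="$2"
    printf '%s:: %s\n' "$attr" "$(openssl base64 -A -in "$file")" \
        | fold -w 75 | sed '2,$s/^/ /'
}

# make_admin_ldif <keystore.p12> <store password> <outdir>
# Writes key.der, pub.der, cert.der and admin-tls.ldif into <outdir>.
make_admin_ldif() {
    p12="$1"; pass="$2"; out="$3"
    mkdir -p "$out"

    # Private key: PKCS#12 -> PEM -> unencrypted PKCS#8 DER (privateKeyFormat: PKCS#8).
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
        -out "$out/key.pem" 2>/dev/null
    openssl pkcs8 -topk8 -nocrypt -in "$out/key.pem" -outform DER -out "$out/key.der"
    rm -f "$out/key.pem"

    # Public key derived from the private key, SubjectPublicKeyInfo DER (publicKeyFormat: X.509).
    openssl pkey -in "$out/key.der" -inform DER -pubout -outform DER -out "$out/pub.der"

    # End-entity certificate only (-clcerts, no CA chain), DER.
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys \
        -out "$out/cert.pem" 2>/dev/null
    openssl x509 -in "$out/cert.pem" -outform DER -out "$out/cert.der"
    rm -f "$out/cert.pem"

    # keyAlgorithm / privateKeyFormat / publicKeyFormat are left untouched:
    # this assumes the keystore holds an RSA key, as the admin entry already states.
    {
        echo "dn: uid=admin,ou=system"
        echo "changetype: modify"
        echo "replace: privateKey"
        ldif_b64 privateKey "$out/key.der"
        echo "-"
        echo "replace: publicKey"
        ldif_b64 publicKey "$out/pub.der"
        echo "-"
        echo "replace: userCertificate"
        ldif_b64 userCertificate "$out/cert.der"
        echo "-"
    } > "$out/admin-tls.ldif"
}

# Usage: sh admin-tls-ldif.sh server.p12 changeit ./out
if [ $# -eq 3 ]; then
    make_admin_ldif "$1" "$2" "$3"
fi
```

Apply the result with an LDAP client, for example the OpenLDAP one: `ldapmodify -H ldap://localhost:10389 -D uid=admin,ou=system -W -f out/admin-tls.ldif` (host and port are assumptions). The LDIF and key.der contain the unencrypted private key, so keep them mode 600 and delete them once the entry is updated. With OpenSSL 3, a PKCS#12 file produced by an older keytool may use legacy RC2 encryption and need `-legacy` on the `openssl pkcs12` calls.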

