[Pkg-openldap-devel] Bug#478883: Bug#478883: Bug#478883: I have the same bug

Michael Kiefer kiefer at mppmu.mpg.de
Wed Jul 16 08:28:53 UTC 2008


On Wednesday 16 July 2008, Steve Langasek wrote:
> <snip>
>
> > olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
> > olcTLSCertificateFile: /etc/ldap/certs/certfile.crt
> > olcTLSCertificateKeyFile: /etc/ldap/certs/keyfile.key
> > olcTLSVerifyClient: demand
>
> <snip>
>
> This shows that client SSL certificates are required by the server.  What
> does your /etc/ldap/ldap.conf look like, and what arguments are you using
> when calling openssl s_client for testing?

In order to connect from a client, I use
openssl s_client -connect <FQHN OF SERVER>:636 -CAfile /etc/ldap/certs/cacert.pem -showcerts -cert /etc/ldap/certs/client.crt -key /etc/ldap/certs/client.key

My /etc/ldap/ldap.conf on the same host is

URI     ldaps://<FQHN OF SERVER>
TLS_CACERT      /etc/ldap/certs/cacert.pem
TLS_CACERTDIR   /etc/ldap/certs
TLS_CERT        /etc/ldap/certs/client.crt
TLS_KEY         /etc/ldap/certs/client.key


-- 
+--------------------------------+
|                                |
| Michael Kiefer                 |
| Max-Planck-Institut für Physik |
| Föhringer Ring 6               |
| 80805 München                  |
|                                |
| Tel.: +49 89 32354 237         |
| Mail: kiefer at mppmu.mpg.de      |
|                                |
+--------------------------------+




