[Pkg-openldap-devel] Bug#478883: Bug#478883: Bug#478883: I have the same bug
Michael Kiefer
kiefer at mppmu.mpg.de
Wed Jul 16 08:28:53 UTC 2008
On Wednesday 16 July 2008, Steve Langasek wrote:
> <snip>
>
> > olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
> > olcTLSCertificateFile: /etc/ldap/certs/certfile.crt
> > olcTLSCertificateKeyFile: /etc/ldap/certs/keyfile.key
> > olcTLSVerifyClient: demand
>
> <snip>
>
> This shows that client SSL certificates are required by the server. What
> does your /etc/ldap/ldap.conf look like, and what arguments are you using
> when calling openssl s_client for testing?

In order to connect from a client, I use

openssl s_client -connect <FQHN OF SERVER>:636 -CAfile /etc/ldap/certs/cacert.pem -showcerts -cert /etc/ldap/certs/client.crt -key /etc/ldap/certs/client.key

My /etc/ldap/ldap.conf on the same host is

URI ldaps://<FQHN OF SERVER>
TLS_CACERT /etc/ldap/certs/cacert.pem
TLS_CACERTDIR /etc/ldap/certs
TLS_CERT /etc/ldap/certs/client.crt
TLS_KEY /etc/ldap/certs/client.key

--
+--------------------------------+
| |
| Michael Kiefer |
| Max-Planck-Institut für Physik |
| Föhringer Ring 6 |
| 80805 München |
| |
| Tel.: +49 89 32354 237 |
| Mail: kiefer at mppmu.mpg.de |
| |
+--------------------------------+
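
Added example, not part of the original message and not code from the poster or the package: ldap.conf(5) marks TLS_CERT and TLS_KEY as user-only options, which libldap ignores in the system-wide ldap.conf, so this check lists any such lines in a given file. The function names and the host name ldap.example.org are assumptions, and the sample file is constructed to mirror the ldap.conf quoted above.

```shell
#!/bin/sh
# Added example (not from the original post).
# ldap.conf(5) marks TLS_CERT and TLS_KEY as user-only: libldap honours them
# in ~/.ldaprc or as LDAPTLS_CERT / LDAPTLS_KEY, not in the system-wide file.

# user_only_tls_options FILE
# Prints "<OPTION> line <N>" for each TLS_CERT / TLS_KEY setting in FILE.
user_only_tls_options() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            name = toupper($1)               # option names are case-insensitive
            if (name == "TLS_CERT" || name == "TLS_KEY")
                printf "%s line %d\n", name, NR
        }
    ' "$1"
}

# write_sample FILE
# Constructed sample mirroring the ldap.conf quoted in the message above;
# ldap.example.org is a placeholder host name.
write_sample() {
    cat > "$1" <<'EOF'
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/certs/cacert.pem
TLS_CACERTDIR /etc/ldap/certs
TLS_CERT /etc/ldap/certs/client.crt
TLS_KEY /etc/ldap/certs/client.key
EOF
}

# Run the check over the constructed sample.
sample=$(mktemp)
write_sample "$sample"
user_only_tls_options "$sample"
rm -f "$sample"
```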