--On Friday, November 16, 2007 5:01 PM -0800 "Keagle, Chuck" chuck.keagle@boeing.com wrote:
I'm configuring slapd to use TLS. First I just want to make it work, then I'll go into requiring encryption.
The system is SLES 9.3. The openldap2 is 2.3.39. Other certificates are in /etc/ssl/certs as specified by default in slapd.conf for openldap2 2.3.39.
The database is currently empty, just getting started.
Generated a self-signed x509 certificate:
    cd /etc/openldap
    openssl genrsa 1024 >server.key
    chmod 0440 server.key
    chown root:ldap server.key
    openssl req -new -key server.key -x509 -days 100 -out server.crt
Entered all the important stuff
    chmod 0444 server.crt
Checked certificate and it looked acceptable:
    openssl x509 -text -in server.crt
Changed following lines in slapd.conf:
    TLSCertificateFile /etc/openldap/server.crt
    TLSCertificateKeyFile /etc/openldap/server.key

You failed to set the CA Cert directive in slapd.conf, so it has no way of presenting its CA cert.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
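
A configuration check for the omission pointed out in the reply, as an added example that is not part of the original thread: it reports which TLS directives a slapd.conf lacks. The function names and the sample file are constructed here; TLSCACertificateFile and TLSCACertificatePath are the two slapd.conf directives that supply CA certificates. With the self-signed certificate from the thread, the certificate is its own issuer, so pointing TLSCACertificateFile at /etc/openldap/server.crt is one way to satisfy it (an assumption about this setup).

```shell
#!/bin/sh
# Added example: lint a slapd.conf for the TLS directives discussed in this thread.

# Print the first value of a directive; keywords match case-insensitively
# and comment lines are skipped.
slapd_directive() {
    # $1 = config file, $2 = directive name
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Return 0 when the certificate, the key and a CA directive are all set;
# otherwise print what is missing and return 1.
check_slapd_tls() {
    conf=$1
    missing=""
    for d in TLSCertificateFile TLSCertificateKeyFile; do
        [ -n "$(slapd_directive "$conf" "$d")" ] || missing="$missing $d"
    done
    # Either the file form or the directory form supplies the CA certificate.
    if [ -z "$(slapd_directive "$conf" TLSCACertificateFile)" ] &&
       [ -z "$(slapd_directive "$conf" TLSCACertificatePath)" ]; then
        missing="$missing TLSCACertificateFile"
    fi
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample: only the two lines the original poster changed.
write_sample_conf() {
    printf '%s\n' \
        '# TLS settings (constructed sample)' \
        'TLSCertificateFile /etc/openldap/server.crt' \
        'TLSCertificateKeyFile /etc/openldap/server.key' > "$1"
}

sample=$(mktemp)
write_sample_conf "$sample"
check_slapd_tls "$sample" || true
rm -f "$sample"
```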