LÉVAI Dániel leva@ecentrum.hu writes:
On Monday 27 October 2008 16.36.41 Philip Guenther wrote:
On Mon, 27 Oct 2008, LÉVAI Dániel wrote: ...
[...]
There are two ways to use LDAP with TLS/SSL:
1) start the connection in cleartext and then use the StartTLS extended-op to initiate a TLS layer, or 2) negotiate a TLS/SSL layer immediately after connecting.
Alright, understood! Thanks!
The former is requested using the "ldap://" schema with the -Z option and is normally run on port 389. The latter is requested using the "ldaps://" schema and is normally run on port 636. These are distinct protocols: the client and server have to be talking the same one or it just won't work.
[...]
With both ldapsearch(1) commands, I've been asked for my password, and I typed something bogus intentionally, in the hope of getting the invalid credentials message, but unfortunately, I didn't get it.
This sounds as if you have not removed the private part from the key, see man rsa(1), pkcs8(1). How did you create the certificates?
-Dieter
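As an added illustration of the two modes Philip describes above (this is example code, not from anyone in this thread): a minimal Python client that, for an "ldaps://" URL, wraps TLS immediately on port 636 and, for an "ldap://" URL, connects in cleartext on port 389 and sends the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037, the same thing ldapsearch -Z requests) before wrapping. The host name, function names and the sample response bytes are constructed for the example.

```python
import socket
import ssl
from urllib.parse import urlsplit
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # extended-op that ldapsearch -Z requests

def ber_len(n):
    """BER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID
    ext = b"\x77" + ber_len(len(name)) + name
    body = b"\x02\x01" + bytes([msg_id]) + ext
    return b"\x30" + ber_len(len(body)) + body

def _tlv(buf, pos):
    """Read one BER tag/length at pos; return (tag, value_start, value_end)."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + ln

def starttls_result_code(response):
    """Return the LDAPResult resultCode of an ExtendedResponse (0 = success)."""
    tag, p, _ = _tlv(response, 0)          # LDAPMessage SEQUENCE
    _, _, p = _tlv(response, p)            # messageID INTEGER, skipped
    op, p, _ = _tlv(response, p)           # ExtendedResponse [APPLICATION 24]
    rc, p, q = _tlv(response, p)           # resultCode ENUMERATED
    if (tag, op, rc) != (0x30, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(response[p:q], "big")

def open_ldap_tls(url, ctx=None):
    """ldaps:// -> TLS at once (port 636); ldap:// -> cleartext (port 389), then StartTLS."""
    u = urlsplit(url)
    ctx = ctx or ssl.create_default_context()   # verifies the server certificate chain
    port = u.port or (636 if u.scheme == "ldaps" else 389)
    sock = socket.create_connection((u.hostname, port), timeout=10)
    if u.scheme == "ldap":
        sock.sendall(starttls_request())
        code = starttls_result_code(sock.recv(4096))
        if code != 0:
            sock.close()
            raise RuntimeError("server refused StartTLS, resultCode=%d" % code)
    return ctx.wrap_socket(sock, server_hostname=u.hostname)  # bind/search go over this
```

Mixing the two (an ldaps:// URL against port 389, or StartTLS against port 636) fails at the very first bytes, which is the "distinct protocols" point above.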