Hi Dieter,<br><br>Thanks for the reply,<br><br>This server was only for testing purposes, so, that&#39;s why I used a self-signed certificate.<br><br>I got it working, the issue, as stupid as it is, was that I was editing the wrong ldap.conf file (Mac OSX has one on /etc/openldap and other on /opt/local/etc/openldap, which was the one being used).<br>
<br>Marcelo.<br><br><div class="gmail_quote">On Thu, May 20, 2010 at 3:09 AM, Dieter Kluenter <span dir="ltr">&lt;<a href="mailto:dieter@dkluenter.de">dieter@dkluenter.de</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">Marcelo de Moraes Serpa &lt;<a href="mailto:celoserpa@gmail.com">celoserpa@gmail.com</a>&gt; writes:<br>
<br>
&gt; Hello all,<br>
&gt;<br>
&gt; I hope someone could help me -- I&#39;m trying for almost one whole day already<br>
&gt; and couldn&#39;t get LDAP over SSL to work, without success.<br>
</div>[...]<br>
<div class="im">&gt; I have generated a self-signed certificate using this command:<br>
&gt;<br>
&gt; sudo openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout<br>
&gt; server.pem -days 3650<br>
</div>[...]<br>
<br>
This is not the proper way to create a certificate chain.<br>
1. create a certificate authority<br>
2. create a server certificate<br>
3. sign the server certificate with the CA<br>
4. extract the password from server certificate into a key<br>
<br>
You may use tinyCA to create the chain<br>
<a href="http://tinyca.sm-zone.net/index.html" target="_blank">http://tinyca.sm-zone.net/index.html</a><br>
<br>
-Dieter<br>
<font color="#888888"><br>
--<br>
Dieter Klünter | Systemberatung<br>
sip: +49.40.20932173<br>
<a href="http://www.dpunkt.de/buecher/2104.html" target="_blank">http://www.dpunkt.de/buecher/2104.html</a><br>
GPG Key ID:8EF7B6C6<br>
</font></blockquote></div><br>