On Thu, 25 Nov 2010, bluethundr wrote:
Hey list,
I was having a similar SSL/openLDAP problem to this last week. I had a chance to look at this again today and it still appears to not be working. I called godaddy and had the last cert cancelled and reissued as I had mis-typed the name of the CN on the last one.
I am trying to set up a GoDaddy Turbo SSL certificate with an openLDAP 2.4 server under FreeBSD 8.1.
[root@LBSD2:/usr/home/bluethundr]#pkg_info | grep openldap
openldap-sasl-client-2.4.23 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation
I bet you'd better check the filenames and permissions of the CA cert, client cert and key file, and the certification chain. When using openssl s_client, provide the full path to the certificate file. CA certificate, certification chain, key file and client certificate are, as you know, different things; also check the default client cert location in /etc/ldap/ldap.conf and the server cert in slapd.conf, etc. (man 5 ldap.conf). Also investigate the TLS_REQCERT option, the subject of the certificate, and the key file's password. And probably, if interested, CRL usage and purpose. I must admit I didn't read your post with appropriate attention, but, regarding the mistype you mentioned, I bet it's permissions and default file location related.
Regards, DT