Hi, there are 2 possible solutions. 1st: each client need the correct cert that he can connect. 2nd: if you wanna use ist like "ssl webpages", you need to set this in slapd.conf (disables client cert checking)
TLSVerifyClient never
regards
Am 04.12.2009 11:16, schrieb Chamith Kumarage:
Hi Folks,
I have setup openldap with SSL and i'm using self signed certs. I have included the following in my slapd.conf.
TLSCipherSuite HIGH:MEDIUM:-SSLv2 TLSCACertificateFile /etc/ldap/ssl/server.pem TLSCertificateFile /etc/ldap/ssl/server.pem TLSCertificateKeyFile /etc/ldap/ssl/server.pem TLSVerifyClient demand
and in my ldap.conf I have;
HOST <my_ip> PORT 636 TLS_REQCERT /etc/ldap/ssl/server.pem
When I start the service, I see port 636 is up and I can even telnet to it. But I cannot perform any ldap operations there.
Any help would be appreciated!
Thanks, ~Chamith