Vijay Ganesan vijay@thoughtspot.com schrieb am 08.09.2014 um 03:45 in
Nachricht CAB+CZKA5UqdD2DqEERwMfHxyaB9hVGLyFZiSxDmxj3NuYpw_xw@mail.gmail.com:
Note the in generating the self-signed certificate I use "localhost" as the common name.
Why do you need to proove the identity of localhost? Did you understand what PKI is all about?
On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan vijay@thoughtspot.com wrote:
For SSL, I'm trying to install a self-signed certificate to OpenLDAP (version 2.4.28 on Ubuntu 12.04). Followed the following steps: *1. Created server certificate using:* openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365 *2. Added following entries to /usr/share/slapd/slapd.conf:* TLSCACertificateFile server.pem TLSCertificateFile server.pem TLSCertificateKeyFile server.pem *3. Restarted openldap:* sudo /etc/init.d/slapd restart *4. Tried to read the certs:* openssl s_client -connect localhost:636 -showcerts This causes the following error: *CONNECTED(00000003)* *140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:* *---* *no peer certificate available* *---* *No client certificate CA names sent* *---* *SSL handshake has read 0 bytes and written 213 bytes* *---* *New, (NONE), Cipher is (NONE)* *Secure Renegotiation IS NOT supported* *Compression: NONE* *Expansion: NONE* *---*
Can someone help with what might be wrong in the setup?
Thanks
--
- Vijay
--
- Vijay