>> Vijay Ganesan <vijay(a)thoughtspot.com> wrote on
08.09.2014 at 03:45 in
message
<CAB+CZKA5UqdD2DqEERwMfHxyaB9hVGLyFZiSxDmxj3NuYpw_xw(a)mail.gmail.com>:
Note that in generating the self-signed certificate I use
"localhost" as the
common name.
Why do you need to prove the identity of localhost? Did you understand what PKI is all
about?
On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan <vijay(a)thoughtspot.com> wrote:
>
> For SSL, I'm trying to install a self-signed certificate to OpenLDAP
> (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
> *1. Created server certificate using:*
> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout
> server.pem -days 365
> *2. Added following entries to /usr/share/slapd/slapd.conf:*
> TLSCACertificateFile server.pem
> TLSCertificateFile server.pem
> TLSCertificateKeyFile server.pem
> *3. Restarted openldap:*
> sudo /etc/init.d/slapd restart
> *4. Tried to read the certs:*
> openssl s_client -connect localhost:636 -showcerts
> This causes the following error:
> *CONNECTED(00000003)*
> *140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:177:*
> *---*
> *no peer certificate available*
> *---*
> *No client certificate CA names sent*
> *---*
> *SSL handshake has read 0 bytes and written 213 bytes*
> *---*
> *New, (NONE), Cipher is (NONE)*
> *Secure Renegotiation IS NOT supported*
> *Compression: NONE*
> *Expansion: NONE*
> *---*
>
> Can someone help with what might be wrong in the setup?
>
> Thanks
>
> --
> - Vijay
>
>
>
--
- Vijay
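
The following is an added example, not part of the thread: a shell script that rules out the PEM file itself when a setup like steps 1 to 4 fails, by checking that the certificate and private key in a combined file such as step 1's server.pem belong together, that the certificate has not expired, what the subject is, and how large the key is. The function names are hypothetical, and the constructed sample uses a 2048-bit key instead of the thread's rsa:1024.

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check a combined cert+key PEM,
# the layout produced by step 1 when -out and -keyout name the same file.

pem_dn() {            # pem_dn <file> subject|issuer  -> DN in RFC 2253 form
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

pem_key_bits() {      # public key size in bits, parsed from the text dump
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

pem_key_matches() {   # 0 if the private key in <file> belongs to its cert
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

check_pem() {         # prints findings; returns 1 on a hard failure
    rc=0
    if ! pem_key_matches "$1"; then
        echo "FAIL: key/cert mismatch or missing"; rc=1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate expired or unreadable"; rc=1
    fi
    if [ "$(pem_dn "$1" subject)" = "$(pem_dn "$1" issuer)" ]; then
        echo "note: self-signed, clients must trust this exact certificate"
    fi
    bits=$(pem_key_bits "$1")
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WARN: ${bits:-unknown}-bit key is weak"
    fi
    echo "subject: $(pem_dn "$1" subject)"
    return $rc
}

make_sample() {       # constructed sample: step 1's command with CN=localhost
    openssl req -newkey rsa:2048 -x509 -nodes -subj "/CN=localhost" \
        -out "$1" -keyout "$1" -days 365 2>/dev/null
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
make_sample "$WORK/server.pem" && check_pem "$WORK/server.pem"
```

Run `check_pem` against the real file as the account slapd runs under, so that a permissions problem shows up as an unreadable file.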