Hi, I am new to OpenLDAP and have to configure an LDAP proxy in one project. Thanks to the mailing lists I managed to set up and configure the LDAP proxy and get it working on 389.
One of the next requirements is to secure the outside connection with SSL, so I have to configure LDAP over SSL. I am using openldap 2.3.43-12.el5 on Red Hat EL 5.5 (Tikanga).
I created the certificates with openssl 0.9.8e-12.el5_4.6 and configured slapd.conf.
Part of slapd.conf:

    # The next three lines allow use of TLS for encrypting connections using a
    # dummy test certificate which you can generate by changing to
    # /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
    # slapd.pem so that the ldap user or group can read it. Your client software
    # may balk at self-signed certificates, however.
    TLSCACertificateFile /etc/openldap/ssl/VordelCA.crt
    TLSCertificateFile /etc/openldap/ssl/VordelDevInt.crt
    TLSCertificateKeyFile /etc/openldap/ssl/VordelDev.key
    TLSCipherSuite HIGH:MEDUIM:!SSLv2
    TLSVerifyClient never
    ...
    ######
The server came up on 636, but when I try to connect I get an SSL handshake error.
When I test on the server itself:

    openssl s_client -connect 192.168.30.169:389 -showcerts -CAfile ./ssl/VordelCA.crt
    CONNECTED(00000003)
    710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

this is what I got.
Any idea what my problem is?
Regards, Axel
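A small probe script for checking an LDAPS listener the way the post above attempts to, added here as an example and not part of the original message or of OpenLDAP. It wraps openssl s_client and classifies its output; the host, port and CA file are placeholders, and the sample output embedded for the demo is constructed to mirror the error quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): probe an ldaps:// listener and
# classify what openssl s_client reports.  Assumes the s_client output format
# of OpenSSL 0.9.8/1.x ("Verify return code: N (text)").

# classify_sclient_output reads s_client output on stdin and prints one word:
#   handshake-failure  no TLS server answered on that port (a plain-LDAP port
#                      such as 389 behaves this way unless STARTTLS is used)
#   verify-ok          TLS established and the chain validated against -CAfile
#   verify-failed      TLS established but the certificate did not validate
#   unknown            none of the above patterns seen
classify_sclient_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'ssl handshake failure'; then
        echo handshake-failure
    elif printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'; then
        echo verify-ok
    elif printf '%s\n' "$out" | grep -q 'Verify return code:'; then
        echo verify-failed
    else
        echo unknown
    fi
}

# probe_ldaps HOST PORT CAFILE: implicit TLS (ldaps://) lives on 636, so test
# that port; 389 speaks plain LDAP and only upgrades via STARTTLS, which
# s_client does not send here (use "ldapsearch -ZZ" to test STARTTLS on 389).
probe_ldaps() {
    host=$1; port=$2; cafile=$3
    openssl s_client -connect "$host:$port" -CAfile "$cafile" </dev/null 2>&1 \
        | classify_sclient_output
}

# Constructed sample: what s_client prints when pointed at a plain-LDAP port.
SAMPLE_PLAIN_PORT_OUTPUT='CONNECTED(00000003)
710:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:'

# demo_classify_plain_port returns the classification of the constructed sample.
demo_classify_plain_port() {
    printf '%s\n' "$SAMPLE_PLAIN_PORT_OUTPUT" | classify_sclient_output
}

# Uncomment to probe a real listener (placeholders):
# probe_ldaps ldap.example.test 636 /etc/openldap/ssl/VordelCA.crt
```

Run the probe against 636 with the same CA file used in TLSCACertificateFile; a "verify-ok" result confirms both that the port speaks TLS and that the served chain validates against that CA.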