Daniel,
Please perform the steps below to create the certificate...

$ /usr/lib/ssl/misc/CA.pl -newreq
$ /usr/lib/ssl/misc/CA.pl -signreq
$ openssl rsa < newkey.pem > clearkey.pem

then

$ sudo cp cacert.pem /usr/share/ca-certificates/Domain.crt

Then, edit the /etc/ca-certificates.conf file, and add Domain.crt at the end of the file. Finally, run update-ca-certificates:

$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs....done.

Thanks,
-Arun
Message: 9
Date: Sun, 18 Sep 2011 22:59:51 -0400
From: Daniel Qian daniel@up247solution.com
To: openldap-technical@openldap.org
Subject: Re: open LDAP + TLS/SSL bind Failed.
Message-ID: 4E76B027.9020800@up247solution.com
Content-Type: text/plain; charset="utf-8"; Format="flowed"
On 11-09-16 3:57 AM, vijay s sheelavantar wrote:
Hi, I am trying to configure an LDAP client/server on 2 Fedora-10 Linux machines.
I have installed and configured the openldap-2.4.26 server on one machine and pam_ldap-186, nss_ldap-265 on the other machine.
I have created the TLS certificates using the following command on the server:

openssl req -newkey rsa:1024 -x509 -nodes -out \
    server.pem -keyout server.pem -days 3650

and I have created client.pem by copying the CERTIFICATE portion of server.pem.
When my client tries to connect to the server, I get the following errors:

TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
connection_read(12): TLS accept failure error=-1 id=1012, closing
connection_closing: readying conn=1012 sd=12 for close
connection_close: conn=1012 sd=12
daemon: removing 12
conn=1012 fd=12 closed (TLS negotiation failure)
My configurations are as follows.

slapd.conf:

access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by * read

#TLS Certificate section
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateFile /etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /etc/openldap/cacerts/server.pem
TLSVerifyClient allow

and client side ldap.conf:

base dc=samsung,dc=com
uri ldaps://10.254.204.181/
TLS_CACERT /etc/openldap/cacerts/client.pem
pam_password md5

nsswitch.conf:

passwd: files ldap
shadow: files ldap
group: files ldap
netgroup: files ldap
automount: files ldap

I am not getting why it is saying unknown CA, even though the certificate was created on the server machine itself.
Kindly help me to solve this problem.
You may try this:

cd /etc/openldap/cacerts/
ln -s client.pem `openssl x509 -noout -hash -in client.pem`.0
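As an added example (not from the thread), the following POSIX sh script builds the hashed CA directory that the symlink above creates by hand (the layout OpenLDAP's TLS_CACERTDIR expects), then runs `openssl verify` against it so the client trust store can be checked before ldap.conf is touched. It assumes the openssl CLI is installed; the CN ldap.example.test and the temp-dir paths are placeholders. OpenSSL 1.0.0 changed the subject-hash algorithm, so the script links both the new and the old form when the installed openssl can compute them.

```shell
#!/bin/sh
# Build an OpenSSL hashed CA directory (the layout OpenLDAP's TLS_CACERTDIR
# expects) from a PEM certificate, then check that a server certificate
# verifies against it. All files are created under a temp dir for the demo.
set -eu

# link_ca DIR CERT: link CERT into DIR as <subject_hash>.N, taking the first
# free N so CAs with colliding subject hashes do not overwrite each other.
# Both the OpenSSL 1.0+ hash and the 0.9.8-era "old" hash are linked when
# the installed openssl can compute them, so either library version finds it.
link_ca() {
    dir=$1; cert=$2
    case $cert in /*) abs=$cert ;; *) abs=$PWD/$cert ;; esac
    for flag in -subject_hash -subject_hash_old; do
        h=$(openssl x509 -noout "$flag" -in "$cert" 2>/dev/null) || continue
        n=0
        while [ -e "$dir/$h.$n" ]; do
            # this certificate is already linked under that hash: skip it
            if cmp -s "$dir/$h.$n" "$cert"; then continue 2; fi
            n=$((n + 1))
        done
        ln -s "$abs" "$dir/$h.$n"
    done
}

# verify_against DIR CERT: succeed only if CERT chains to a CA found in DIR.
# The ": OK" line is checked because old openssl builds always exit 0.
verify_against() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: recreate the thread's setup with a throwaway self-signed certificate:
# cert + key on the server side, only the CERTIFICATE block as client.pem in
# cacerts/, hashed links beside it, then the verification the client library
# performs. Prints OK when the trust store accepts the server certificate.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/cacerts"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$tmp/server.key" -out "$tmp/server.crt" 2>/dev/null
    # client.pem carries the certificate only, never the private key
    openssl x509 -in "$tmp/server.crt" -out "$tmp/cacerts/client.pem"
    link_ca "$tmp/cacerts" "$tmp/cacerts/client.pem"
    if verify_against "$tmp/cacerts" "$tmp/server.crt"; then r=OK; else r=FAIL; fi
    rm -rf "$tmp"
    echo "$r"
}
if [ "${1-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`; a FAIL means the client-side cacerts directory would still produce the "unknown CA" alert, which is the condition to fix before restarting slapd.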