On Wednesday, 16 July 2008, Steve Langasek wrote:
> <snip>
>
> > olcTLSCACertificateFile: /etc/ldap/certs/cacert.pem
> > olcTLSCertificateFile: /etc/ldap/certs/certfile.crt
> > olcTLSCertificateKeyFile: /etc/ldap/certs/keyfile.key
> > olcTLSVerifyClient: demand
>
> <snip>
>
> This shows that client SSL certificates are required by the server. What
> does your /etc/ldap/ldap.conf look like, and what arguments are you using
> when calling openssl s_client for testing?

In order to connect from a client, I use

    openssl s_client -connect <FQHN OF SERVER>:636 \
        -CAfile /etc/ldap/certs/cacert.pem -showcerts \
        -cert /etc/ldap/certs/client.crt \
        -key /etc/ldap/certs/client.key

My /etc/ldap/ldap.conf on the same host is

    URI ldaps://<FQHN OF SERVER>
    TLS_CACERT /etc/ldap/certs/cacert.pem
    TLS_CACERTDIR /etc/ldap/certs
    TLS_CERT /etc/ldap/certs/client.crt
    TLS_KEY /etc/ldap/certs/client.key

--
+--------------------------------+
|                                |
| Michael Kiefer                 |
| Max-Planck-Institut für Physik |
| Föhringer Ring 6               |
| 80805 München                  |
|                                |
| Tel.: +49 89 32354 237         |
| Mail: [EMAIL PROTECTED]        |
|                                |
+--------------------------------+
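
Added example, not part of the original message and not OpenLDAP code: a small linter for the client configuration shown above. It relies on ldap.conf(5), which marks TLS_CERT and TLS_KEY as user-only options that libldap ignores in the system-wide file; the function names and the host ldap.example.org are assumptions made for illustration.

```python
# Added example: lint an OpenLDAP client config for options libldap ignores.
# Per ldap.conf(5), TLS_CERT and TLS_KEY are "user-only": they are honoured in
# ~/.ldaprc (or via LDAPTLS_CERT / LDAPTLS_KEY) but not in the system-wide file.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

# Constructed sample mirroring the ldap.conf quoted in the message above;
# ldap.example.org is a placeholder host name.
SAMPLE = """\
URI ldaps://ldap.example.org
TLS_CACERT /etc/ldap/certs/cacert.pem
TLS_CACERTDIR /etc/ldap/certs
TLS_CERT /etc/ldap/certs/client.crt
TLS_KEY /etc/ldap/certs/client.key
"""

def parse(text):
    """Return [(lineno, OPTION, value)]; option names are case-insensitive."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        value = fields[1].strip() if len(fields) > 1 else ""
        out.append((n, fields[0].upper(), value))
    return out

def audit(text, system_wide):
    """Return (findings, lines_to_move_to_ldaprc) for one config file."""
    opts = parse(text)
    findings, move = [], []
    for n, name, value in opts:
        if system_wide and name in USER_ONLY:
            findings.append(f"line {n}: {name} is user-only and ignored here")
            move.append(f"{name} {value}")
    seen = {name for _, name, _ in opts}
    if not system_wide and len(seen & USER_ONLY) == 1:
        missing = (USER_ONLY - seen).pop()
        findings.append(f"{missing} missing: client auth needs both cert and key")
    return findings, move

if __name__ == "__main__":
    findings, move = audit(SAMPLE, system_wide=True)
    print("\n".join(findings))
    print("# lines to place in ~/.ldaprc instead:")
    print("\n".join(move))
```

Run it with system_wide=True for /etc/ldap/ldap.conf and system_wide=False for a per-user ~/.ldaprc.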