>>> Vijay Ganesan <[email protected]> wrote on 08.09.2014 at 03:45 in message <cab+czka5uqdd2dqeerwmfhxyab9hvglyfzisxdmxj3nuypw...@mail.gmail.com>:
> Note that in generating the self-signed certificate I use "localhost" as the
> common name.

Why do you need to prove the identity of localhost? Did you understand what PKI is all about?

> On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan <[email protected]> wrote:
>
>> For SSL, I'm trying to install a self-signed certificate to OpenLDAP
>> (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
>>
>> *1. Created server certificate using:*
>> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
>>
>> *2. Added following entries to /usr/share/slapd/slapd.conf:*
>> TLSCACertificateFile server.pem
>> TLSCertificateFile server.pem
>> TLSCertificateKeyFile server.pem
>>
>> *3. Restarted openldap:*
>> sudo /etc/init.d/slapd restart
>>
>> *4. Tried to read the certs:*
>> openssl s_client -connect localhost:636 -showcerts
>>
>> This causes the following error:
>> CONNECTED(00000003)
>> 140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 213 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>>
>> Can someone help with what might be wrong in the setup?
>>
>> Thanks
>>
>> --
>> - Vijay
>
> --
> - Vijay
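A quick offline check, before restarting slapd, that the files named by TLSCertificateFile and TLSCertificateKeyFile actually contain a certificate and a private key that belong together (added example, not from the thread; it assumes the openssl CLI is installed, and the file names and CN are illustrative). The thread uses one combined server.pem for both directives, which the check handles by passing the same path twice.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed;
# file names and the CN below are illustrative.
set -u

# make_test_cert DIR: self-signed 2048-bit certificate and key, written to
# separate files. (On OpenSSL 1.1.1+ a SAN can be added with
#  -addext "subjectAltName=DNS:ldap.example.test"; most clients now need one.)
make_test_cert() {
    dir=$1
    openssl req -newkey rsa:2048 -x509 -nodes -days 365 \
        -subj "/CN=ldap.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
}

# check_cert_key CERTFILE KEYFILE: returns 0 if CERTFILE holds an X.509
# certificate, KEYFILE holds an RSA key, and the two share a modulus.
# Pass the same path twice for a combined file like the thread's server.pem.
check_cert_key() {
    cert=$1 key=$2
    [ -r "$cert" ] || { echo "cannot read $cert"; return 1; }
    [ -r "$key" ]  || { echo "cannot read $key"; return 1; }
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) ||
        { echo "$cert: no X.509 certificate found"; return 1; }
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) ||
        { echo "$key: no RSA private key found"; return 1; }
    [ "$cert_mod" = "$key_mod" ] ||
        { echo "certificate and key do not match"; return 1; }
    # Not checked here: slapd opens the key as its own unprivileged user,
    # so confirm that user (not just root) can read KEYFILE.
    openssl x509 -in "$cert" -noout -subject -dates
    return 0
}

# probe_ldaps HOST PORT: the s_client test from the thread, with stdin closed
# so s_client exits instead of waiting for input; prints the certificate chain.
probe_ldaps() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null
}
```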
