TLS for dummies

Just basic stuff...I promise I have been through the wiki and the
Administrator's guide (managing SSL and SASL) several times.

Used an openssl-generated CA certificate to sign CSRs from the
console application and loaded them all into the console application. Have
restarted FDS and it seems to be happy - but just to confirm...

lifted from /opt/fedora-ds/slapd-srv1/logs/errors
[09/Dec/2005:08:33:47 -0700] - Fedora-Directory/1.0.1 B2005.342.165
starting up
[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in
backend userRoot, attempting to create one...
[09/Dec/2005:08:33:47 -0700] - Key for cipher AES successfully generated
and stored
[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher 3DES in
backend userRoot, attempting to create one...
[09/Dec/2005:08:33:47 -0700] - Key for cipher 3DES successfully
generated and stored
[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in
backend NetscapeRoot, attempting to create one...
[09/Dec/2005:08:33:48 -0700] - Key for cipher AES successfully generated
and stored
[09/Dec/2005:08:33:48 -0700] - No symmetric key found for cipher 3DES in
backend NetscapeRoot, attempting to create one...
[09/Dec/2005:08:33:48 -0700] - Key for cipher 3DES successfully
generated and stored
[09/Dec/2005:08:33:48 -0700] - slapd started.  Listening on All
Interfaces port 389 for LDAP requests
[09/Dec/2005:08:33:48 -0700] - Listening on All Interfaces port 636 for
LDAPS requests

MY PROBLEM
# ldapsearch -ZZ '(uid=jim)'
ldap_start_tls: Connect error (-11)
        additional info: Start TLS request accepted.Server willing to
negotiate SSL.

# tail -n4 /opt/fedora-ds/slapd-srv1/logs/access
[09/Dec/2005:11:55:26 -0700] conn=83 op=5 fd=68 closed - U1
[09/Dec/2005:12:00:58 -0700] conn=84 fd=68 slot=68 connection from
127.0.0.1 to 127.0.0.1
[09/Dec/2005:12:00:58 -0700] conn=84 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[09/Dec/2005:12:00:58 -0700] conn=84 op=0 RESULT err=0 tag=120
nentries=0 etime=0
[09/Dec/2005:12:00:58 -0700] conn=84 op=-1 fd=68 closed - Encountered
end of file.

# tail -n 7 /etc/openldap/ldap.conf
URI     ldap://srv1.clsurvey.com
HOST    srv1.clsurvey.com
BASE dc=clsurvey,dc=com
TLS_CACERTDIR /etc/ssl
TLS_CACERT server.crt
pam_password md5
TLS_REQCERT allow

My thinking is that this somehow has something to do with the TLS_CACERT
in /etc/openldap/ldap.conf (the certificate for the client).

Would this be the issue?

Is there a better method for creating the client certificate from either
the CA certificate (generated by openssl) or from the FDS Server
Certificate (also generated by openssl)?

Craig
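An added check, not from the post or the Fedora DS project, that lints the TLS lines of the ldap.conf quoted above from the client side: it flags a TLS_CACERT that is not an absolute path to the CA certificate file, and a TLS_REQCERT value (such as allow) under which the client keeps the session even when the server certificate is missing or cannot be verified. The sample config is constructed from the quoted lines, and /etc/ssl/cacert.pem is an assumed path.

```python
"""Lint the TLS-related lines of an OpenLDAP client ldap.conf."""
import os
import re

# Constructed sample, copied from the ldap.conf lines quoted in the post.
SAMPLE_LDAP_CONF = """\
URI     ldap://srv1.clsurvey.com
HOST    srv1.clsurvey.com
BASE dc=clsurvey,dc=com
TLS_CACERTDIR /etc/ssl
TLS_CACERT server.crt
pam_password md5
TLS_REQCERT allow
"""

# TLS_REQCERT values that require a valid server certificate and fail closed.
VERIFYING_REQCERT = {"demand", "hard"}


def parse_ldap_conf(text):
    """Return {KEY: value} for 'KEY value' lines; keys are upper-cased."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\S+)\s+(.*)$", line)
        if m:
            settings[m.group(1).upper()] = m.group(2).strip()
    return settings


def lint_tls(settings):
    """Return a list of findings (strings); an empty list means no TLS concerns."""
    findings = []
    cacert = settings.get("TLS_CACERT")
    if cacert is None and "TLS_CACERTDIR" not in settings:
        findings.append("no TLS_CACERT or TLS_CACERTDIR: server cert cannot be verified")
    elif cacert is not None and not os.path.isabs(cacert):
        # Assumed corrected path; the CA file must be given as an absolute path.
        findings.append(f"TLS_CACERT '{cacert}' is not an absolute path; use e.g. /etc/ssl/cacert.pem")
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    if reqcert not in VERIFYING_REQCERT:
        findings.append(f"TLS_REQCERT {reqcert} does not require a valid server certificate; set 'demand'")
    return findings


if __name__ == "__main__":
    for finding in lint_tls(parse_ldap_conf(SAMPLE_LDAP_CONF)):
        print("WARNING:", finding)
```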
