> > how did you verify that SSL is working? Did you sniff it or what? Yes, using snoop. I should say I didn't debug it using ldapsearch, so I'm still not sure what's going on with that in your case. But, since your end goal is ldap name service over SSL, have you tried that yet on the Solaris 10 client? If nothing else, it might spew some error messages (in /var/adm/messages) that give some new clues. Susan wrote: > --- George Holbert <gholbert at broadcom.com> wrote: > > >> *|# Add your ascii CA certificate to the cert DB. >> certutil -A -n "Susan's CA" -t "C,," -a -i ./susans-cacert.pem -d /var/ldap >> # List the contents of your cert DB. >> |***|certutil -L -d /var/ldap|** >> > > did all that, imported w/o problems: > > -bash-3.00# /usr/sfw/bin/certutil -L -d /var/ldap > CA certificate C,, > > ________________________________________________ > > However, this: > > ldapsearch -b "ou=profile,dc=composers,dc=company,dc=com" -h cnyitlin02 -L "cn=*" -Z -p 636 -P > /var/ldap/ > > still transmits clear text. > > > >> Try this first using certutil as included with Solaris 10 >> (/usr/sfw/bin/certutil). I think this will create a cert8 file. >> > > > It does. Doesn't seem to do any good, however. > > how did you verify that SSL is working? Did you sniff it or what? > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > >
