Re: [389-users] OS to authenticate to DS using TLS

Thanks Dave - that worked.
 
I am still having some problems with the certificates though.
 
If I try this in the directory where the certificates are:
 
openssl s_client -connect localhost:636 -CAfile filename
 
I get a listing of the certificates without errors.
 
If I try:
 
ldapsearch -H ldaps://localhost:636
 
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
If I start the console using:
 
centos-idm-console -a https://127.0.0.1:9830
 
I have to "Accept" the certificate each time. 
 
It looks like there may be some problem with the certificate or some setting in DS that still needs to be switched on.
 
What do you think?
 
Thanks again for all of your help!
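The gap between the two commands above is the trust anchor: openssl s_client was handed the CA with -CAfile, while the OpenLDAP client library was not told about it and so rejected the chain. The script below is an added example, not code from this thread or from the 389 project. It reproduces the check offline with a throwaway CA generated on the spot (the names "Example Test CA", "ldap.example.test" and "Unrelated CA" are constructed placeholders), then writes the client-side fix: the TLS_CACERT directive that /etc/openldap/ldap.conf uses to locate the CA, which is what LDAPTLS_CACERT=/path/ca.pem supplies per command. It assumes the openssl CLI is installed and needs no network.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the "certificate verify failed"
# diagnosis offline with a throwaway CA, then show the client-side fix.
# Requires the openssl CLI. All certificate material is generated here; the
# subject names are constructed placeholders.
set -u

WORK=$(mktemp -d)
CA_KEY="$WORK/ca.key";   CA_CERT="$WORK/ca.pem"
SRV_KEY="$WORK/srv.key"; SRV_CERT="$WORK/srv.pem"
OTHER_CA="$WORK/other-ca.pem"

# Make a self-signed CA, a server certificate issued by it, and a second,
# unrelated CA (what a client that trusts the wrong anchor effectively has).
make_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" -keyout "$CA_KEY" -out "$CA_CERT" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=ldap.example.test" -keyout "$SRV_KEY" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -days 1 \
    -CA "$CA_CERT" -CAkey "$CA_KEY" -CAcreateserial -out "$SRV_CERT" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Unrelated CA" -keyout "$WORK/other.key" -out "$OTHER_CA" 2>/dev/null
}

# The chain check the client library performs: does the server certificate
# chain to the CA file it was given? Returns 0 on OK, non-zero otherwise.
verify_chain() {   # usage: verify_chain CAFILE SERVERCERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Client-side fix: point the OpenLDAP client library at the CA. On a real
# host this goes into /etc/openldap/ldap.conf; here it is written to OUTFILE.
write_ldap_conf() {   # usage: write_ldap_conf OUTFILE CAFILE
  cat > "$1" <<EOF
# Trust anchor for ldaps:// and StartTLS connections
TLS_CACERT $2
# Keep the default: refuse servers whose certificate cannot be verified.
# "TLS_REQCERT never" would silence the error but removes server authentication.
TLS_REQCERT demand
EOF
}

make_certs

if verify_chain "$CA_CERT" "$SRV_CERT"; then
  echo "server cert chains to the CA: OK (the openssl s_client -CAfile result)"
fi
if ! verify_chain "$OTHER_CA" "$SRV_CERT"; then
  echo "server cert does not chain to the unrelated CA: verify failed (the ldapsearch result without TLS_CACERT)"
fi
write_ldap_conf "$WORK/ldap.conf" "$CA_CERT"
echo "wrote $WORK/ldap.conf"
```

Once TLS_CACERT points at the same file that -CAfile used, ldapsearch -H ldaps://host:636 should verify the chain; if it still fails, compare the hostname in the URL with the certificate's subject, since that mismatch is a separate check from chain validation. Do not work around the error with TLS_REQCERT never: it makes the connection encrypted but unauthenticated.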

On Wed, Jun 17, 2009 at 7:58 AM, David (Dave) Donnan <david.donnan@xxxxxxxxxxxxxxx> wrote:
Hello. I think I understand the problem.

I copied the CA cert locally to /tmp/CAcert.txt

I then ran 'system-config-authentication'  and used a URL like the following (where it says 'Download CA Certificate'):

file:///tmp/CAcert.txt

It's a lazy man's approach but it worked.

Cdlt, Dave
--------



And John A. Sullivan III wrote:
On Tue, 2009-06-16 at 19:25 -0500, Doug Coats wrote:
So my next hurdle I am tackling SSL certificates.  I produced
self-signed certificates and have installed them in through the
Management Console.  I can run the Management Console using a secure
connection.
 
Linux uses DS to authenticate (configured using System >
Administration > Authentication and enabling LDAP support).  If I try
to "Use TLS to encrypt connection" I can't program a URL that will let
me download the CA Certificate successfully. I hope that all made
sense.
 
Am I missing something?  Do I need this?
<snip>
Sorry, I don't quite follow.  I know it was a difficult to follow post
but I did post how we set up SSL communications including the client
side setup.  We simply copied the CA cert to the clients (servers using
LDAP for authentication) via scp - John


--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

