On 2014-06-30 16:25, Gregor Burck wrote:
> Hi,
>
> for an application (egroupware) I tried to switch on TLS:
> tls enabled = Yes
> tls keyfile = /etc/ssl/private/edad001.pem
> tls certfile = /etc/ssl/certs/edad001.crt
> tls cafile = /etc/ssl/certs/RootCA_.crt
>
> But egroupware still told me tls is needed.
> With which test could I test if TLS works or not?
Try:
    openssl s_client -connect your.server.name:636 -CAfile /etc/ssl/certs/RootCA_.crt
This tests ldaps://your.server.name/; make sure that you get "Verify
return code: 0 (ok)" as the result - most LDAP libraries fail to properly
report certificate issues and just die.
If that works, but not egroupware, make sure it uses your CA
certificate, the right server name (=the one in the certificate), and
ldaps:// (on port 636) or starttls (on port 389).
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
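
The check described in the reply, as an added example that is not part of the original mail: a shell sketch that runs `openssl s_client` against ldaps (636) or StartTLS (389), also verifies the server name, and turns the verify return code into the next thing to look at. The function names are made up for this sketch; host and CA path are the placeholders from the thread.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names are hypothetical;
# host name and CA path are the placeholders used in the thread.

# Print the last "Verify return code" number found in s_client output on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1
}

# Map a verify code to what to check next (subset of OpenSSL's X509_V_* codes).
explain_code() {
    case "$1" in
        0)           echo "ok" ;;
        18|19|20|21) echo "CA problem: chain does not lead to the given CA file" ;;
        62)          echo "name problem: host name is not in the certificate" ;;
        10)          echo "certificate has expired" ;;
        "")          echo "no TLS handshake: wrong port, or TLS not enabled" ;;
        *)           echo "verification failed with code $1" ;;
    esac
}

# tls_check HOST CAFILE ldaps|starttls  -> exit status 0 only on verify code 0.
tls_check() {
    host=$1 cafile=$2 mode=$3
    if [ "$mode" = starttls ]; then
        # Requires an OpenSSL whose s_client supports "-starttls ldap".
        set -- -connect "$host:389" -starttls ldap
    else
        set -- -connect "$host:636"
    fi
    out=$(openssl s_client "$@" -CAfile "$cafile" -servername "$host" \
            -verify_hostname "$host" </dev/null 2>&1) || true
    code=$(printf '%s\n' "$out" | verify_code)
    echo "$mode: $(explain_code "$code")"
    [ "$code" = 0 ]
}

# Constructed sample of the tail of s_client output, for an offline dry run.
SAMPLE_MISMATCH='    Start Time: 1404138300
    Verify return code: 62 (Hostname mismatch)'

# Real use (needs network access to the LDAP server):
#   tls_check your.server.name /etc/ssl/certs/RootCA_.crt ldaps
#   tls_check your.server.name /etc/ssl/certs/RootCA_.crt starttls
```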