Hi, sorry for the stupid question,

but however I am following all howtos and tutorials it is not working

1) I have created CA certificate - /etc/pki/tls/misc/CA -newca
2) I have generated a new request - /etc/pki/tls/misc/CA -newreq
3) I have signed certificate /etc/pki/tls/misc/CA -signreq

So I have CA in /etc/pki/CA
I have newkey.pem
I have newcert.pem
I have also cealrkey.pem (without passphrase)

$ openssl rsa < newkey.pem > clearkey.pem

What to do next? What to put in slapd.conf in order to make it work?
What to put in ldap.conf in order to communicate?

Really thanks in advance!

David

Entries in slapd.conf

TLSCipherSuite HIGH:MEDIUM
TLSCACertificateFile /etc/pki/tls/misc/CA/<ca_file_name>
TLSCertificateFile /etc/pki/misc/newcert.pem
TLSCertificateKeyFile /etc/pki/misc/cealrkey.pem

-Jason

David Hl??ik wrote the following on 04/01/08 17:01:
> Hi, sorry for the stupid question,
>
> but however I am following all howtos and tutorials it is not working
>
> 1) I have created CA certificate - /etc/pki/tls/misc/CA -newca
> 2) I have generated a new request - /etc/pki/tls/misc/CA -newreq
> 3) I have signed certificate /etc/pki/tls/misc/CA -signreq
>
> So I have CA in /etc/pki/CA
> I have newkey.pem
> I have newcert.pem
> I have also cealrkey.pem (without passphrase)
>
> $ openssl rsa < newkey.pem > clearkey.pem
>
> What to do next? What to put in slapd.conf in order to make it work?
> What to put in ldap.conf in order to communicate?
>
> Really thanks in advance!
>
> David

Thanks to you all guys! I have already had ldap working for half a year, but I did not need TLS as everything was local-host only. And my problem of course was not there but in ldap.conf (needed to set path to CA cert).

Regards,
David

On Wed, Apr 2, 2008 at 12:35 AM, Randall Svancara <rsvancara at wsu.edu> wrote:
> My advice, from a novice user standpoint, is to get everything working
> without TLS first. Make sure your systems can authenticate and
> everything is functioning. If your environment is not secure, then
> build a test environment (resources pending).
>
> Once you have done this, then work on TLS.
>
> In my ldap.conf file, I have an entry like this:
>
> -
> Randall Svancara
> Systems Administrator
> 509-335-7093
>
>
> On Tue, 2008-04-01 at 23:01 +0200, David Hl??ik wrote:
> > Hi, sorry for the stupid question,
> >
> > but however I am following all howtos and tutorials it is not working
> >
> > 1) I have created CA certificate - /etc/pki/tls/misc/CA -newca
> > 2) I have generated a new request - /etc/pki/tls/misc/CA -newreq
> > 3) I have signed certificate /etc/pki/tls/misc/CA -signreq
> >
> > So I have CA in /etc/pki/CA
> > I have newkey.pem
> > I have newcert.pem
> > I have also cealrkey.pem (without passphrase)
> >
> > $ openssl rsa < newkey.pem > clearkey.pem
> >
> > What to do next? What to put in slapd.conf in order to make it work?
> > What to put in ldap.conf in order to communicate?
> >
> > Really thanks in advance!
> >
> > David
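
Added example, not part of the thread and not code from any poster: a small pre-flight check for the two sides discussed above, the slapd.conf TLS file directives and the client-side CA setting in ldap.conf that turned out to be the missing piece. The function names are hypothetical, TLS_CACERT, TLS_CACERTDIR and TLS_REQCERT are the ldap.conf(5) options assumed here, and the sample files are constructed placeholders.

```python
import os
import tempfile

SERVER_FILES = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")

def parse_directives(text):
    """Map upper-cased directive -> value; keywords are case-insensitive."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            found[parts[0].upper()] = parts[1].strip()
    return found

def check_tls(slapd_text, ldap_text):
    """Return findings for the server and client TLS settings (empty = OK)."""
    server, client = parse_directives(slapd_text), parse_directives(ldap_text)
    findings = []
    for name in SERVER_FILES:
        path = server.get(name.upper())
        if path is None:
            findings.append(f"slapd.conf: {name} is not set")
        elif not os.path.isfile(path):
            findings.append(f"slapd.conf: {name} file not found: {path}")
        elif name == "TLSCertificateKeyFile" and os.stat(path).st_mode & 0o007:
            findings.append(f"slapd.conf: unencrypted key {path} is accessible to other users")
    ca = client.get("TLS_CACERT")
    if ca is None and "TLS_CACERTDIR" not in client:
        findings.append("ldap.conf: no TLS_CACERT or TLS_CACERTDIR, server certificate cannot be verified")
    elif ca is not None and not os.path.isfile(ca):
        findings.append(f"ldap.conf: TLS_CACERT file not found: {ca}")
    if client.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("ldap.conf: TLS_REQCERT accepts unverified server certificates")
    return findings

def build_sample(directory):
    """Constructed placeholder files (not real keys) plus matching slapd.conf text."""
    names = dict(zip(SERVER_FILES, ("cacert.pem", "newcert.pem", "clearkey.pem")))
    paths = {k: os.path.join(directory, v) for k, v in names.items()}
    for path in paths.values():
        with open(path, "w") as handle:
            handle.write("placeholder\n")
        os.chmod(path, 0o644)  # world-readable: too open for the key file
    return paths, "".join(f"{k} {p}\n" for k, p in paths.items())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("\n".join(check_tls(build_sample(tmp)[1], "BASE dc=example,dc=com\n")))
```

The check only inspects configuration text and file metadata; it does not confirm that the certificate was actually signed by the CA or that the key matches the certificate.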