On Thu, 25 Nov 2010, bluethundr wrote:
> Hey list,
>
> I was having a similar SSL/openLDAP problem to this last week. I had
> a chance to look at this again today and it still appears to not be
> working. I called godaddy and had the last cert cancelled and reissued
> as I had mis-typed the name of the CN on the last one.
>
> I am trying to set up a Godaddy turbo SSL certificate with an openLDAP
> 2.4 server under FreeBSD 8.1.
>
> [r...@lbsd2:/usr/home/bluethundr]#pkg_info | grep openldap
> openldap-sasl-client-2.4.23 Open source LDAP client implementation
> with SASL2 support
> openldap-sasl-server-2.4.23 Open source LDAP server implementation
>
I bet you had better check the filenames and permissions of the CA cert, client cert, and key file, and the certification chain. When using openssl s_client, provide the full path to the certificate file. The CA certificate, certification chain, key file and client certificate are, as you know, different things; also check the default client cert location in /etc/ldap/ldap.conf and the server cert in slapd.conf, etc. (man 5 ldap.conf). Also investigate the TLS_REQCERT option, the subject of the certificate, and the key file's password. And probably, if interested, CRL usage and purpose.

I must admit I didn't read your post with appropriate attention, but, regarding the mis-type you mentioned, I bet it's permissions and default file locations related.

Regards,
DT
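The reply above boils down to a checklist: are the CA cert, server cert and key at the paths slapd and ldap.conf actually point to, is the key readable by the daemon but nobody else, does the cert really belong to that key, does the chain verify, and does a live handshake with openssl s_client (given a full path to the CA file) come back clean. The script below is an added example written for this thread, not code posted by either participant; every path in it is an assumption to be replaced with the values from your own slapd.conf (TLSCACertificateFile, TLSCertificateFile, TLSCertificateKeyFile) or ldap.conf (TLS_CACERT). The chain, key-match and handshake checks need the openssl binary; the file checks are plain POSIX sh so they run anywhere.

```shell
#!/bin/sh
# Added example, not code from the list thread: pre-flight checks on the
# certificate files an OpenLDAP server or client is configured to load.
# All paths passed in are assumptions supplied by the caller.

# 0 if the path exists and is readable by the current user, else 1.
file_readable() {
    [ -r "$1" ]
}

# 0 if the private key is not readable by group or others.  Reads the
# group/other columns of ls -l, so it behaves the same on FreeBSD and Linux.
key_perms_ok() {
    [ -e "$1" ] || return 1
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# 0 if the public key inside the certificate equals the public key derived
# from the key file, i.e. the cert was issued for this key (needs openssl).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the server cert chains to the CA file.  A commercial cert usually
# needs its intermediate bundle, passed as the optional third argument.
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# 0 if a live handshake to host:port verifies against the CA file given by
# full path; this is the s_client check the reply recommends.
handshake_ok() {
    openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>&1 \
        | grep -q 'Verify return code: 0 (ok)'
}

# Run the file-level checks and report.  Arguments: ca cert key [intermediate]
check_ldap_tls() {
    rc=0
    for f in "$1" "$2" "$3"; do
        file_readable "$f" && echo "ok    readable: $f" \
            || { echo "FAIL  unreadable or missing: $f"; rc=1; }
    done
    key_perms_ok "$3" && echo "ok    key not group/world readable" \
        || { echo "FAIL  key $3 is readable by others"; rc=1; }
    cert_matches_key "$2" "$3" && echo "ok    cert and key match" \
        || { echo "FAIL  cert $2 does not match key $3"; rc=1; }
    chain_ok "$1" "$2" "$4" && echo "ok    chain verifies against $1" \
        || { echo "FAIL  chain does not verify (missing intermediate?)"; rc=1; }
    return $rc
}

# Usage (paths are placeholders):
#   sh ldap_tls_check.sh /etc/ssl/ca.pem /etc/ssl/ldap.crt /etc/ssl/ldap.key /etc/ssl/gd_bundle.crt
#   handshake_ok ldap.example.com 636 /etc/ssl/ca.pem && echo "handshake ok"
if [ $# -ge 3 ]; then
    check_ldap_tls "$@"
fi
```

Run it as the user slapd drops privileges to, since that is the user whose read access matters; a key that is readable by root but mode 600 owned by someone else fails in exactly the silent way the original poster describes. On the client side the same CA file path belongs in ldap.conf as TLS_CACERT, and leaving TLS_REQCERT at its strict setting keeps verification on rather than hiding a chain problem.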
