Note that in generating the self-signed certificate I use "localhost" as the common name.

On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan <[email protected]> wrote:
>
> For SSL, I'm trying to install a self-signed certificate to OpenLDAP
> (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
>
> *1. Created server certificate using:*
> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
>
> *2. Added following entries to /usr/share/slapd/slapd.conf:*
> TLSCACertificateFile server.pem
> TLSCertificateFile server.pem
> TLSCertificateKeyFile server.pem
>
> *3. Restarted openldap:*
> sudo /etc/init.d/slapd restart
>
> *4. Tried to read the certs:*
> openssl s_client -connect localhost:636 -showcerts
>
> This causes the following error:
> *CONNECTED(00000003)*
> *140409289410208:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:*
> *---*
> *no peer certificate available*
> *---*
> *No client certificate CA names sent*
> *---*
> *SSL handshake has read 0 bytes and written 213 bytes*
> *---*
> *New, (NONE), Cipher is (NONE)*
> *Secure Renegotiation IS NOT supported*
> *Compression: NONE*
> *Expansion: NONE*
> *---*
>
> Can someone help with what might be wrong in the setup?
>
> Thanks
>
> --
> - Vijay

--
- Vijay
