| Steve 2004-04-22, 10:34 pm |
| Hi,
I apologize for being ignorant, but can someone please explain to me how
TLS/SSL certificates are supposed to work (in simple words)? We have a
remote LDAP server to which I successfully got connected without
using SSL/TLS. However, since everything's being sent as clear text, I
was hoping to use TLS for authentication. I tried ldapsearch with -Z and
this is what I got:
"additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
After fooling around with the ldap.conf file, now I only get a
"ldap_bind: Can't contact LDAP server (81)", even if I specify the "-v"
flag. Anyway, it can't seem to bind to the server. Then after reading a
few hundred articles on this, everyone seems to say that I need to have
a certificate with the CN set to the hostname I'm trying to connect to,
for example "myldap.server.com". Now my question is, do I generate a
certificate myself, signing it myself and setting CN to
myldap.server.com? That doesn't seem right to me... Does this instead
mean that I get the public key/certificate that's on the LDAP server
and copy it to some directory on my box? Please, can anyone explain this
to me in simple words, because I'm very confused right now.
thanks,
Steve
|
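The two questions the post ends on (who signs the certificate, and why the CN has to be the hostname) can be seen with nothing but the openssl command line. The script below is an added example, not code from the thread: it builds a throwaway CA, a server certificate for myldap.server.com issued by that CA, and a second, unrelated CA, then runs the same checks a TLS client performs. The CA names, file names and the second hostname are made up for the example; myldap.server.com is the name from the post. It assumes openssl 1.1.1 or later (`-verify_hostname` is not in older releases).

```shell
#!/bin/sh
# Added example (not from the original thread): what "certificate verify
# failed" means on the client side. Uses only the openssl CLI.
set -e

# Minimal req/x509 config so the example does not depend on the system
# openssl.cnf. The DN placeholder is overridden with -subj below.
write_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:myldap.server.com
EOF
}

# Build the PKI under directory $1: ca.crt/ca.key (the CA the LDAP admin
# runs), server.crt/server.key (what the LDAP server presents to clients),
# and other-ca.crt (a CA that did NOT sign the server certificate).
make_pki() {
    dir=$1
    cnf=$dir/openssl.cnf
    write_config "$cnf"

    # Self-signed CA certificate. Its public half, ca.crt, is the only file
    # a client has to copy into its trust store.
    openssl req -x509 -config "$cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        -subj "/CN=Example LDAP CA" -days 365 2>/dev/null

    # Server key and CSR with CN = the hostname clients connect to, then a
    # certificate for it issued (signed) by the CA above, not by itself.
    openssl req -new -config "$cnf" \
        -newkey rsa:2048 -nodes -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=myldap.server.com" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$cnf" -extensions server_ext \
        -out "$dir/server.crt" -days 365 2>/dev/null

    # An unrelated CA, standing in for "a certificate I generated myself".
    openssl req -x509 -config "$cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -keyout "$dir/other-ca.key" -out "$dir/other-ca.crt" \
        -subj "/CN=Unrelated CA" -days 365 2>/dev/null
}

# Chain check only: was certificate $2 issued by a CA in $1? (exit 0 = yes)
verify_chain() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Chain check plus hostname check, which is what an LDAP-over-TLS client
# does: the certificate's SAN/CN must match the name you connected to ($3).
verify_host() {
    openssl verify -no-CAfile -no-CApath -CAfile "$1" \
        -verify_hostname "$3" "$2" >/dev/null 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_pki "$WORK"

report() { if "$@"; then echo "OK   : $*"; else echo "FAIL : $*"; fi; }
report verify_chain "$WORK/ca.crt"       "$WORK/server.crt"      # right CA
report verify_chain "$WORK/other-ca.crt" "$WORK/server.crt"      # wrong CA
report verify_host  "$WORK/ca.crt"       "$WORK/server.crt" myldap.server.com
report verify_host  "$WORK/ca.crt"       "$WORK/server.crt" ldap.example.net
```

The second and fourth checks are the two ways a client ends up at "certificate verify failed": it does not trust the CA that issued the server's certificate, or the name in the certificate is not the name it connected to. So the client does not generate anything; it copies the CA certificate (ca.crt here, not the server's own key) into its trust store and points the OpenLDAP client at it with `TLS_CACERT /path/to/ca.crt` in ldap.conf or ~/.ldaprc. `openssl s_client -connect myldap.server.com:636 -showcerts` (or, with OpenSSL 1.1.1+, `-starttls ldap` on port 389) shows the chain the server actually presents, which tells you which CA certificate to ask the server admin for.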