On Fri, Jun 09, 2006 at 05:25:59PM -0500, Kenyatta Senior wrote:

> >> No client certificate CA names sent
> >
> >The server is not asking for client certificates. You need to
> >configure it to do that and give it a non-empty CAfile.
> >
> >> Shouldn't i see something like:
> >>
> >> Acceptable client certificate CA names
> >>
> >> instead of
> >>
> >> No client certificate CA names sent
> >>
> >> when i run that particular command???
> >
> >Only when the server is configured to ask for client certs and has
> >a non-empty CAfile.
>
> Victor :
> please bear with my ignorance BUT I thought placing
> TLSCACertificateFile /etc/ldap/tls/cacert.pem
> TLSCertificateFile /etc/ldap/tls/servercert.pem
> TLSCertificateKeyFile /etc/ldap/tls/serverkey.pem
> TLSVerifyClient demand
>
> This in my slapd.conf and in my ldap.conf
> TLS_CACERT /etc/ssl/certs/cacert.pem
> TLS_REQCERT demand
>
> Would send a Client Certificate.

Who reads "ldap.conf", the server or the client? Check that "demand"
is an appropriate setting for "TLSVerifyClient" (yes/no makes more
sense). I know nothing about OpenLDAP with TLS, questions about how to
configure OpenLDAP belong on an LDAP list.

Clearly your current configuration does not result in the server
requesting client certificates. Until the server requests client
certificates, the client won't send any.

> Well if that isn't the way how can i send it? Even if u don't feel
> like giving me the 'fish' can u please point me in the right
> direction??

This is the openssl-users list. We have identified the SSL issue
(server does not ask for certificates), now you have an LDAP server
configuration issue, this is not the right forum for that.

-- Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
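
Added example, not part of the original message: a small check that reads saved `openssl s_client` output and reports whether it contains the "Acceptable client certificate CA names" block discussed above, returning the CA names listed under it. The sample outputs, the CA name and the function name `client_ca_names` are constructed for illustration.

```python
import re

NO_CA = "No client certificate CA names sent"
HAVE_CA = "Acceptable client certificate CA names"

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_NOT_ASKING = """\
---
No client certificate CA names sent
---
SSL handshake has read 1024 bytes and written 340 bytes
"""

SAMPLE_ASKING = """\
---
Acceptable client certificate CA names
/C=US/O=Example/CN=Example Test CA
Client Certificate Types: RSA sign, DSA sign
---
SSL handshake has read 1100 bytes and written 340 bytes
"""

def client_ca_names(s_client_output):
    """Return the list of CA names the server advertised for client
    certificates, or None when the 'Acceptable ...' block is absent."""
    lines = [ln.strip() for ln in s_client_output.splitlines()]
    if HAVE_CA not in lines:
        return None
    names = []
    for ln in lines[lines.index(HAVE_CA) + 1:]:
        # The name list ends at the next '---' separator or at a
        # 'Label: value' status line that follows it in some versions.
        if ln == "---" or re.match(r"^[A-Za-z ]+: ", ln):
            break
        if ln:
            names.append(ln)
    return names

if __name__ == "__main__":
    for label, text in (("not asking", SAMPLE_NOT_ASKING),
                        ("asking", SAMPLE_ASKING)):
        found = client_ca_names(text)
        print(label, "->", NO_CA if found is None else found)
```
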