-
Arnaud Forster replied to a discussion, Use imported certificate to connect to LDAP Serverthans Nick.
Yes, there's no other error message. Just changing the certficates in my slapd.conf cause this error :
I was able to create my keyfile using , as you said, the rsa option -
-
Nick Howitt replied to a discussion, Use imported certificate to connect to LDAP ServerArnaud Forster wrote:
Use "rsa" and not "x509" for keys.
Ok, so I'm gonna try to copy an rename it.
Here was the error message I get when trying to convert my key file :
[root@master certificate_manager.d]# openssl x509 -text -outform der -in GFBienne.key -out GFBienne-key.pem
unable to load certificate
140612166498192:error:0906D06C:PEM routines:PEM_read_bio:no start line
em_lib.c:707:Expecting: TRUSTED CERTIFICATE
[root@master certificate_manager.d]# ls -l
You'd have to find out why slapd failed to start. There is no clue in the message you posted. Did you remember to make the user ldap a member of ssl-certs? -
-
Arnaud Forster replied to a discussion, Use imported certificate to connect to LDAP Server
O, I was able to convert / rename my certificates but my ldap server refuse them ...
...
Process: 9003 ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=1/FAILURE)
Process: 8975 ExecStartPre=/usr/libexec/openldap/prestart.sh (code=exited, status=0/SUCCESS)
Main PID: 30479 (code=exited, status=0/SUCCESS)
avril 06 11:40:33 master.gfb.lan prestart.sh[8975]: Configuration directory '/etc/openldap/slapd.d' does not exist.
avril 06 11:40:33 master.gfb.lan prestart.sh[8975]: Warning: Usage of a configuration file is obsolete!
avril 06 11:40:33 master.gfb.lan runuser[8979]: pam_unix(runuser:session): session opened for user ldap by (uid=0)
avril 06 11:40:33 master.gfb.lan runuser[8979]: pam_unix(runuser:session): session closed for user ldap
avril 06 11:40:33 master.gfb.lan slapd[9003]: @(#) $OpenLDAP: slapd 2.4.44 (Oct 11 2019 15:35:58) $
root@build-x86_64-1.orem.clearos.com:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
avril 06 11:40:33 master.gfb.lan systemd[1]: slapd.service: control process exited, code=exited status=1
-
-
Arnaud Forster replied to a discussion, Use imported certificate to connect to LDAP Server
Ok, so I'm gonna try to copy an rename it.
Here was the error message I get when trying to convert my key file :
[root@master certificate_manager.d]# openssl x509 -text -outform der -in GFBienne.key -out GFBienne-key.pem
unable to load certificate
140612166498192:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:707:Expecting: TRUSTED CERTIFICATE
[root@master certificate_manager.d]# ls -l -
-
Nick Howitt replied to a discussion, Use imported certificate to connect to LDAP Server
Did slapd give an error? I think you can just rename the certificates.
Note that if you're using Let's Encrypt certificates you won't want to go through the Import Certificate route as it cannot be automated for every time the Let's Encrypt certificate updates. You'll want to do somethng like rsync them across from the originating server. Then have the receiving sever watch for new certificates being received, move them into place and restart slapd. -
-
Ammo Board shared a linkBulk Ammo Deals With Free ShippingBulk Ammo For Sale | Free Shipping On Bulk Ammo | Ammo Board
Bulk Ammo For Sale! In Stock Bulk Ammo from top brands. Bulk quantity available for 22LR Ammo, 223 Ammo, 9 MM Ammo. Call at 877-253-9763 for more inquiry! -
-
Arnaud Forster replied to a discussion, Use imported certificate to connect to LDAP Server
Hello Nick,
Yes thanls for that, I found the file ... but nex problem .. it seems slapd use .pem certficates and mine are crt ; intermediate and .key ones. I successfully converte my .cert and my .intermediate to .pem certificates but noway for the .key one.
I'll look for that .key file to be converted, If I can't, I'll use the CA certificate.
I come back with the details .
thanks -
-
Nick Howitt replied to a discussion, Use imported certificate to connect to LDAP Server
I am not sure that you need to. Generally, I believe, you can just import the ClearOS CA into the third party apps.
If you do want to use Let's Encrypt certificates, have a look at the Let's Encrypt howto and adapt one of the cyrus-imap or smtp/postfix methods. The file you need to edit is probably /etc/openldap/slapd.conf where there are three PEM entries. Guessing, but TLSCACertificateFile must point to the CA bundle (/etc/pki/tls/certs/ca-bundle.crt), TLSCertificateFile to your fullchain file and TLSCertificateKeyFile to your key file. When you get it all working and have confirmed it is is working with your third part app, please post back with the details and I'll add it to the howto. -
-
Arnaud Forster started a new discussion, Use imported certificate to connect to LDAP Server
Use imported certificate to connect to LDAP Server
Hello all,
I imported into my system a wildcard certificate. I installed it and declare it to use with the webconfig console.
Now, I need to connect to my OpenLDAP server from other applications and I wanted to use my certificate. But, as I can see, my OpenLDAP still use my orginal self-signed certificate.
Is there a way to change that to make my ldap use my imported certificate ?
Thanks to all for your help -
Toggle Sidebar
