directory-dev mailing list archives

From Stefan Zoerner <>
Subject [ApacheDS] Setting up my own certificate for SSL
Date Wed, 17 Dec 2008 20:37:44 GMT
Hi all,

I am facing some problems with the current (since 1.5.3, I assume) SSL 
configuration. In earlier days, it was possible to provide a keystore 
with the public/private key, certificate etc. here

Now, the server creates a keypair when it starts the first time and 
stores it in the entry uid=admin,ou=system, in different attributes.

To be honest: This is an example of why our documentation is so bad. The 
old behavior has been well described in the docs. Someone changed it 
completely, and did not update the docs. Same situation holds true for 
the whole configuration. :-(

Nevertheless, the new SSL functionality seems to be simpler, because it 
is possible to set it up automatically. But if I plan to use a custom 
certificate, it should be at least possible. Today, there was a 
corresponding question on the user list.

I wanted to update the docs to reflect the changes, and I am still 
trying to figure out what an easy way for our users would be.

A question for the current implementation: Is there any way to 
configure/influence the key creation at startup? I assume no, but 
perhaps I am missing something.

Currently, the only way to set up my own certificate is modifying the 
attribute values for uid=admin,ou=system

This is not an easy task, because we do not have any tools for that. 
There is no wizard in Studio yet. Even if there were one -- it 
should be possible without a UI client, ...

I was able to store my private key, but I am a little bit confused about 
some attributes. What exactly is contained in userCertificate and what in 

I assume userCertificate holds the certificate the server presents to 
the client. But why do we need publicKey as well? I think it is contained in 
the userCertificate. No?

Thanks in advance and Greetings from Hamburg,
