directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: [SOLVED]Re: ApacheDS 1.52 Bad transition from state START_STATE, tag 0x80
Date Thu, 24 Apr 2008 14:49:37 GMT
Harakiri wrote:
> --- Emmanuel Lecharny <elecharny@apache.org> wrote:
>
>   
>> Seems to be a known problem with Outlook :
>>
>>     
> http://www.openldap.org/lists/openldap-software/200204/msg00723.html
>
> Well what do you know - the second issue is also a
> quirk in Outlook (any version) - the problem was -
> that the SSL certificate has to match the hostname
> exactly - if it is empty or you do not connect using
> the DNS name - outlook will simply refuse the
> connection even if the cert itself is trusted.
> Great - so what i did for testing was just edit my
> hosts file and point the IP of the apacheDS to the
> "right" DNS name.
>   
Great !

What would be very cool is to send us a quick report or 'howto' which 
can be added to our wiki. This could be very helpfull for the few person 
who are using Outlook (500 hundred millions ? ;)
> BTW: In the 1.5.2 API i didnt found an easy way to
> change the SSL Certificate (previously a
> setCertificateFile etc existed) - so i did the
> following - is this the intended way currently?
>   
The 1.5.2 version brings a very interesting feature : the server can 
self build a certificate, instead on depending on an admin to generate a 
certificate, sign it, store it in a keystore... Now, the firt time you 
try to connect to the server using LDAPS, if the server does not have a 
certificate, it will generate one, stores it into the DIT, and use it to 
establish the connexion. If needed, you can still setup your own 
certificate (for instance, if you bought one)

Of course, this is not yet doccumented ;)

Regarding the code, I would let Alex validate it.

Thanks !


-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message