From: Emmanuel Lecharny
To: users@directory.apache.org
Subject: Re: Using Ldaps With Apacheds 1.5.5
Date: Mon, 22 Dec 2008 11:17:04 +0100
Message-ID: <494F6920.803@nextury.com>
In-Reply-To: <235975.91715.qm@web52201.mail.re2.yahoo.com>

Harakiri wrote:
> --- On Thu, 12/18/08, Emmanuel Lecharny wrote:
>
>> From: Emmanuel Lecharny
>> Subject: Re: Using Ldaps With Apacheds 1.5.5
>> To: users@directory.apache.org
>> Date: Thursday, December 18, 2008, 8:39 AM
>>
>> Michael Ibbeken wrote:
>>> We had the same problem and worked around it by using our own
>>> ldapserver class to set up the certificates the way we need them
>>> and use them for ssl configuration. Overwriting the keys for
>>> uid=admin,ou=system did not work out as expected so that we had
>>> to use our own ldapserver class.
>>
>> I think we have to modify the way the server is initialized.
>> Allowing the server to use an external keystore should be possible.
>> I will try to modify the server in order to make such a
>> configuration possible. Hopefully, this will be added to the
>> upcoming 1.5.5 version.
>
> I already submitted a ticket regarding that earlier this year, so this request is nothing new
>
> "there should be an option for admins to simply change the SSL key to a valid/trusted one - in 1.52 the only way I found so far
> for modifying the SSL key is programmatically this way "
>
> https://issues.apache.org/jira/browse/DIRSERVER-1164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Yep, it has been scheduled for 1.5.6. Right now, the 1.5.5 version will allow a user to specify the local Keystore instead of using the generated certificate. This is already working, if you build the trunk.

-- 
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org