directory-users mailing list archives

From Stefan Seelmann
Subject Re: Certificate for TLS connection to ApacheDS
Date Sun, 12 Jul 2009 18:11:06 GMT
Hi Thorsten,

Thorsten Kampe wrote:
> * Kiran Ayyagari (Sun, 12 Jul 2009 12:47:15 +0530)
>>> I'm trying to bind to ApacheDS 1.5.4 via TLS with Python-LDAP. For
>>> that ("OPT_X_TLS_CACERTFILE") I need the "X.509 certificate of the
>>> CA that certified the LDAP server's public key".
>>> Where or how can I get that key?
>> The certificate and the key pair data is stored in the admin entry
>> with DN uid=admin,ou=system
>> P.S:- You can use Apache Directory Studio to extract the required
>> information.
> Thanks for the response. Could you elaborate? I tried to get the 
> certificate with LDAP Admin, Softerra LDAP Browser and LDAPSoft's LDAP 
> Browser but I was not able to establish a TLS connection with those 
> certificate(s) (while it worked to Active Directory and eDirectory).
> Do I have to export publicKey, privateKey or userCertificate? How can I 
> export that with Apache Directory Studio?

The certificate of a default ApacheDS installation is self-signed (thus
its own CA certificate) and stored in the userCertificate attribute of
uid=admin,ou=system. You could just save the value (using Studio or any
other tool):
- Go to uid=admin,ou=system
- In the Entry Editor, edit the userCertificate attribute, this should
open the "Hex Editor" (in Studio 1.5 there will be a certificate
viewer/editor and certificate validation, btw)
- Use the "Save" button in the opened dialog and save it to disk
- The certificate is stored in DER format.

Please see additionally [1] for more information on the SSL/StartTLS
configuration and certificate handling. The page is not up-to-date, but
most information is still valid.

Kind Regards,


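The file saved in the steps above is DER, while the CA file that python-ldap passes to libldap via OPT_X_TLS_CACERTFILE is expected in PEM. The following is an added example, not part of the original message or of ApacheDS: it checks that the saved bytes really are one DER object (not a truncated or hex-text export), converts them to PEM, and shows the python-ldap options for a verified StartTLS connection. Function names, file paths and the `uri` argument are assumptions for illustration.

```python
import ssl
from pathlib import Path

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_length_ok(data: bytes) -> bool:
    """True if the outer ASN.1 SEQUENCE header covers exactly the whole input."""
    if len(data) < 2 or data[0] != 0x30:      # a certificate is a SEQUENCE (tag 0x30)
        return False
    first = data[1]
    if first < 0x80:                          # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_pem(data: bytes) -> str:
    """Return PEM text for a certificate given as DER (or already-PEM) bytes."""
    if data.lstrip().startswith(PEM_HEADER):
        return data.decode("ascii").strip() + "\n"
    if not der_length_ok(data):
        raise ValueError("not a DER certificate (truncated or hex-text export?)")
    return ssl.DER_cert_to_PEM_cert(data)

def write_ca_file(der_path: str, pem_path: str) -> str:
    """Convert the file saved from userCertificate into a PEM CA file."""
    Path(pem_path).write_text(to_pem(Path(der_path).read_bytes()))
    return pem_path

def connect_starttls(uri: str, ca_pem: str):
    """StartTLS with certificate verification; requires the python-ldap package."""
    import ldap
    ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_pem)
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn = ldap.initialize(uri)               # uri is supplied by the caller (assumption)
    conn.start_tls_s()
    return conn
```

Because the default certificate is self-signed, the PEM file produced here serves as the CA file; the host name in the URI still has to match the name in the certificate for verification to succeed.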