directory-users mailing list archives

From Beat Burgener | NetSuccess GmbH <beat.burge...@netsuccess.ch>
Subject Re: [ApacheDS] Certificate for StartTLS
Date Wed, 06 Jan 2010 10:55:36 GMT
Matthias, no problem at all ...

Please refer to this post of Stefan as I had the same issue earlier this 
year:

> -------------------------------------------------------------------------------------

>  Further, I would like to use our self-signed and later "trusted" SSL
>  certificate for
>  the SSL communication, but the web page doc and the current config are
>  different:
>
>   From the web page:
>
>   <ldapService id="ldapsService"
>               enabled="true"
>               tcpPort="10636"
>               enableLdaps="true"
>               nbTcpThreads="8"
>               keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
>               certificatePassword="secret">
>     <directoryService>#directoryService</directoryService>
>   </ldapService>
>
>
>   From what I see in our config:
>
>  <ldapServer id="ldapServer"
>             allowAnonymousAccess="false"
>             saslHost="ldap.netsuccess.ch"
>             saslPrincipal="ldap/ldap@netsuccess.ch"
>             searchBaseDn="ou=users,ou=system"
>             maxTimeLimit="15000"
>             maxSizeLimit="1000">
>     <transports>
>       <tcpTransport address="0.0.0.0" port="389" nbThreads="8"
>  backLog="50" enableSSL="false"/>
>       <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
>     </transports>
>
>     <directoryService>#directoryService</directoryService>
>
>   </ldapServer>
>
>
>  This appears quite different, as some of the attributes in the sample
>  config ended up in the <tcpTransport>
>  definition ... where should the keystore definition go?

Yes, this has been changed from 1.5.4 to 1.5.5. The right place should
be the 'ldapServer' element:

<ldapServer id="ldapServer"
            keystoreFile="..."
            certificatePassword="secret"
            allowAnonymousAccess="false"
            saslHost="ldap.netsuccess.ch"
            saslPrincipal="ldap/ldap@netsuccess.ch"
            searchBaseDn="ou=users,ou=system"
            maxTimeLimit="15000"
            maxSizeLimit="1000">

>  -------------------------------------------------------------------------------------



Best regards

Beat


On 06.01.2010 10:44 AM, Matthias Cramer wrote:
> Hi Beat
>
> I'm using 1.5.5
>
> Sorry for not mentioning it.
>
> Regards
>
>    Matthias
>
> Beat Burgener | NetSuccess GmbH wrote:
>
>> Matthias
>>
>> Which version of Apache DS do you use?
>>
>> Beat
>>
>> On 06.01.2010 10:32 AM, Matthias Cramer wrote:
>>
>>> Hi
>>>
>>> I'm fairly new to Apache DS but have managed to get everything working that
>>> I wanted so far. I've generated a new SSL cert and configured it in
>>> server.xml so that it works for normal SSL ldaps connections.
>>> But when I do StartTLS, the default certificate that came with the
>>> package still gets used. How do I replace this one? I did not find anything
>>> on the website, and Google was of no help either.
>>>
>>> Any hint is appreciated.
>>>
>>> Regards
>>>
>>>     Matthias
>>>
>>>
>

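The point of Stefan's answer above is that in 1.5.5 the keystore is defined once, on the <ldapServer> element, and that one keystore is what the server presents on the LDAPS transport and on StartTLS over the plain port; a keystore left on a <tcpTransport> or on the old 1.5.4 <ldapService> element is why the stock certificate keeps showing up. The following lint is an added example, not code from the thread or from the ApacheDS project. It only assumes the element and attribute names that appear in the thread (ldapServer, ldapService, transports, tcpTransport, enableSSL, keystoreFile, certificatePassword) and ignores XML namespaces, so it works on a namespaced Spring server.xml as well as on the bare fragments quoted above; the two sample fragments, their paths and passwords are constructed for the example.

```python
"""Lint an ApacheDS 1.5.5-style server.xml fragment for TLS keystore placement.

Added example, not from the mailing-list thread or from ApacheDS itself.
Element/attribute names are those quoted in the thread; samples are constructed.
"""
import xml.etree.ElementTree as ET

KEYSTORE_ATTRS = ("keystoreFile", "certificatePassword")

# Constructed sample: the keystore was put on the LDAPS tcpTransport, so the
# <ldapServer> element itself carries no keystore although a transport has
# enableSSL="true" (and StartTLS on port 389 would still get the default cert).
SAMPLE_MISPLACED = """\
<ldapServer id="ldapServer" allowAnonymousAccess="false">
  <transports>
    <tcpTransport address="0.0.0.0" port="389" nbThreads="8" enableSSL="false"/>
    <tcpTransport address="0.0.0.0" port="636" enableSSL="true"
                  keystoreFile="/path/to/ldap.ks" certificatePassword="changeit"/>
  </transports>
  <directoryService>#directoryService</directoryService>
</ldapServer>
"""

# Constructed sample with the placement Stefan describes: keystoreFile and
# certificatePassword sit on <ldapServer>; transports only carry address/port/SSL.
SAMPLE_FIXED = """\
<ldapServer id="ldapServer"
            keystoreFile="/path/to/ldap.ks"
            certificatePassword="changeit"
            allowAnonymousAccess="false">
  <transports>
    <tcpTransport address="0.0.0.0" port="389" nbThreads="8" enableSSL="false"/>
    <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
  </transports>
  <directoryService>#directoryService</directoryService>
</ldapServer>
"""


def _local(tag):
    """Strip an XML namespace ('{uri}ldapServer' -> 'ldapServer')."""
    return tag.rsplit("}", 1)[-1]


def lint_ldap_server(xml_text):
    """Return a list of (code, message) findings about keystore placement."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        name = _local(el.tag)
        ident = el.get("id", "<no id>")
        if name == "ldapService":
            # 1.5.4 element name; keystore attributes were valid there, so they
            # are not reported as misplaced, only the outdated form is.
            findings.append(("OLD_ELEMENT_NAME",
                             f"<ldapService id={ident!r}> is the 1.5.4 form; "
                             "1.5.5 uses <ldapServer> with <transports>"))
        elif name == "ldapServer":
            missing = [a for a in KEYSTORE_ATTRS if not el.get(a)]
            ssl_ports = [t.get("port", "?") for t in el.iter()
                         if _local(t.tag) == "tcpTransport"
                         and t.get("enableSSL", "false").lower() == "true"]
            if ssl_ports and missing:
                findings.append(("SSL_WITHOUT_KEYSTORE",
                                 f"<ldapServer id={ident!r}> has enableSSL on port(s) "
                                 f"{', '.join(ssl_ports)} but lacks {', '.join(missing)}; "
                                 "LDAPS and StartTLS will present the default certificate"))
        else:
            present = [a for a in KEYSTORE_ATTRS if a in el.attrib]
            if present:
                findings.append(("MISPLACED_KEYSTORE",
                                 f"{', '.join(present)} found on <{name}>; in 1.5.5 "
                                 "they belong on the <ldapServer> element"))
    return findings


if __name__ == "__main__":
    for label, sample in (("misplaced", SAMPLE_MISPLACED), ("fixed", SAMPLE_FIXED)):
        print(f"--- {label} ---")
        for code, msg in lint_ldap_server(sample) or [("OK", "no findings")]:
            print(f"{code}: {msg}")
```

Run it against your own server.xml (`lint_ldap_server(open("server.xml").read())`) after an upgrade from 1.5.4; a clean result for the fixed sample and two findings for the misplaced one is what the thread's advice predicts. The check deliberately reads every element, not just the first <ldapServer>, so a config with several server beans is covered too.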