directory-users mailing list archives

From Matthias Cramer <matthias.cra...@iway.ch>
Subject Re: [ApacheDS] Certificate for StartTLS
Date Wed, 06 Jan 2010 11:30:03 GMT
Hi Beat

I have it exactly that way, and ldaps works well, but starttls still
uses the old cert.

Regards

  Matthias

Beat Burgener | NetSuccess GmbH wrote:
> Matthias, no problem at all ...
> 
> Please refer to this post of Stefan as I had the same issue earlier this
> year:
> 
>>
> -------------------------------------------------------------------------------------
> 
> 
>>  Further, I would like to use our self-signed and later "trusted" SSL
>>  certificate for
>>  the SSL communication, but the web page doc and the current config are
>>  different:
>>
>>   From the web page:
>>
>>   <ldapService id="ldapsService"
>>               enabled="true"
>>               tcpPort="10636"
>>               enableLdaps="true"
>>               nbTcpThreads="8"
>>               keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
>>               certificatePassword="secret">
>>     <directoryService>#directoryService</directoryService>
>>   </ldapService>
>>
>>
>>   From what I see in our config:
>>
>>  <ldapServer id="ldapServer"
>>             allowAnonymousAccess="false"
>>             saslHost="ldap.netsuccess.ch"
>>             saslPrincipal="ldap/ldap@netsuccess.ch"
>>             searchBaseDn="ou=users,ou=system"
>>             maxTimeLimit="15000"
>>             maxSizeLimit="1000">
>>     <transports>
>>       <tcpTransport address="0.0.0.0" port="389" nbThreads="8"
>>  backLog="50" enableSSL="false"/>
>>       <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
>>     </transports>
>>
>>     <directoryService>#directoryService</directoryService>
>>
>>   </ldapServer>
>>
>>
>>  This appears quite different, as some of the attributes in the sample
>>  config ended up in the <tcpTransport>
>>  definition ... where should the keystore definition go?
> 
> Yes, this has been changed from 1.5.4 to 1.5.5. The right place should
> be the 'ldapServer' element:
> 
> <ldapServer id="ldapServer"
>            keystoreFile="..."
>            certificatePassword="secret"
>            allowAnonymousAccess="false"
>            saslHost="ldap.netsuccess.ch"
>            saslPrincipal="ldap/ldap@netsuccess.ch"
>            searchBaseDn="ou=users,ou=system"
>            maxTimeLimit="15000"
>            maxSizeLimit="1000">
> 
>>  -------------------------------------------------------------------------------------
>>
> 
> 
> 
> Best regards
> 
> Beat
> 
> 
> On 06.01.2010 10:44 AM, Matthias Cramer wrote:
>> Hi Beat
>>
>> I'm using 1.5.5
>>
>> Sorry for not mentioning it.
>>
>> Regards
>>
>>    Matthias
>>
>> Beat Burgener | NetSuccess GmbH wrote:
>>   
>>> Matthias
>>>
>>> Which version of Apache DS do you use?
>>>
>>> Beat
>>>
>>> On 06.01.2010 10:32 AM, Matthias Cramer wrote:
>>>     
>>>> Hi
>>>>
>>>> I'm fairly new to Apache DS but managed to get all working what I like
>>>> till now. I've generated a new SSL Cert and configured it into
>>>> server.xml so that it works for normal SSL ldaps connections.
>>>> But when I do starttls, still the default certificate that came with the
>>>> package gets used. How do I replace this one? I did not find anything
>>>> on the website and google was of no help either.
>>>>
>>>> Any hint is appreciated.
>>>>
>>>> Regards
>>>>
>>>>     Matthias
>>>>
>>>>
>>>>        
>>
>>    


-- 
Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
iway AG	                       Phone +41 43 500 1111
Josefstrasse 225               Fax   +41 44 271 3535
CH-8005 Zürich                 http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250
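A quick way to confirm the symptom Matthias describes (the LDAPS listener serving the new certificate while StartTLS on the plain port still serves the old one) is to pull the certificate from both listeners and compare fingerprints. The script below is an added example for this thread, not code from ApacheDS or from any poster; the host name and port numbers are placeholders, and it assumes OpenSSL 1.1.1 or later, which is the first release whose s_client understands `-starttls ldap`.

```shell
#!/bin/sh
# Added example (not from the original thread): compare the certificate an LDAP
# server presents on its LDAPS port with the one it presents after StartTLS on
# the plain LDAP port. Needs OpenSSL >= 1.1.1 for "-starttls ldap".
set -eu

# SHA-256 fingerprint of a PEM certificate read from stdin, e.g.
# "sha256 Fingerprint=AB:CD:..." becomes "AB:CD:..."
pem_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | sed 's/^.*Fingerprint=//'
}

# Fingerprint of the certificate served on an implicit-TLS (LDAPS) port.
ldaps_fingerprint() {
    host=$1; port=$2
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM | pem_fingerprint
}

# Fingerprint of the certificate served after a StartTLS exchange on the
# plain LDAP port (s_client sends the StartTLS extended operation itself).
starttls_fingerprint() {
    host=$1; port=$2
    openssl s_client -connect "$host:$port" -starttls ldap </dev/null 2>/dev/null \
        | openssl x509 -outform PEM | pem_fingerprint
}

# Returns 0 when two fingerprints match (case- and colon-insensitive), 1 otherwise.
compare_fingerprints() {
    a=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    b=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# same_cert HOST LDAPS_PORT LDAP_PORT: prints both fingerprints and returns 0
# only if the two listeners present the same certificate.
same_cert() {
    host=$1; ldaps_port=$2; ldap_port=$3
    fp_ldaps=$(ldaps_fingerprint "$host" "$ldaps_port")
    fp_tls=$(starttls_fingerprint "$host" "$ldap_port")
    echo "LDAPS    $host:$ldaps_port -> $fp_ldaps"
    echo "StartTLS $host:$ldap_port -> $fp_tls"
    if compare_fingerprints "$fp_ldaps" "$fp_tls"; then
        echo "OK: both listeners present the same certificate"
    else
        echo "MISMATCH: StartTLS is serving a different certificate than LDAPS"
        return 1
    fi
}

# Usage (placeholder host/ports): ./check-ldap-cert.sh ldap.example.test 636 389
if [ $# -ge 3 ]; then
    same_cert "$1" "$2" "$3"
fi
```

If the StartTLS line shows a different fingerprint, the server is still loading the bundled keystore for that path, which is exactly what the thread reports against 1.5.5; once the fix is in place the two fingerprints should match, and the LDAPS one should match the fingerprint of the certificate in the keystore named by keystoreFile.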

