directory-users mailing list archives

From Matthias Cramer <>
Subject Re: [ApacheDS] Certificate for StartTLS
Date Wed, 06 Jan 2010 12:19:26 GMT
Hi Beat

Beat Burgener | NetSuccess GmbH wrote:
> Matthias,
> what tool do you use to connect to Apache DS? I use Apache Directory
> Studio, and AFAIR,
> there was an error if the certificate does not match the FQDN.

When connecting with Apache Studio and StartTLS I get a cert error, and
when showing the cert I get the one with cn=ApacheDS.

When connecting with ldaps I do get the right cert.

When using openssl s_client on port 636 I also get the right cert.

> However, connecting either using LDAPS on Port 636 or via StartTLS on
> port 389, I don't get an error.
> I don't know of a way to display the certificate details of a connection
> in the AD Studio though ...

Have not found anything either, and openssl can't do starttls for ldap.

It looks like the starttls extension does not honor the keystore
configured in the ldapServer config.



Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
iway AG	                       Phone +41 43 500 1111
Josefstrasse 225               Fax   +41 44 271 3535
CH-8005 Zürich
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250
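
One way to see which certificate each listener presents, as an added example that is not part of the original message or of ApacheDS: the Python sketch below sends the LDAPv3 StartTLS extended request itself on port 389, completes the handshake, and returns the SHA-256 fingerprint of the served certificate next to the one served on LDAPS port 636. The function names are hypothetical, and certificate validation is deliberately switched off because the goal is to inspect whatever the server sends.

```python
import hashlib, socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 section 4.14.1

def starttls_request(msg_id=1):
    """BER-encode an LDAPv3 StartTLS ExtendedRequest (short-form lengths)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                   # messageID + op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length, used by some servers
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def starttls_result(resp):
    """resultCode of an ExtendedResponse; 0 means the server will start TLS."""
    _, start, _ = _tlv(resp, 0)        # LDAPMessage SEQUENCE
    _, _, pos = _tlv(resp, start)      # skip messageID
    tag, start, _ = _tlv(resp, pos)    # protocolOp
    if tag != 0x78:                    # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, start, end = _tlv(resp, start)  # resultCode ENUMERATED
    return int.from_bytes(resp[start:end], "big")

def _served_cert(sock, host):
    """Handshake without validation (diagnostic only), fingerprint the cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def compare_listeners(host, ldap_port=389, ldaps_port=636):
    """Return (starttls_sha256, ldaps_sha256) of the certificates served."""
    with socket.create_connection((host, ldap_port), timeout=10) as s:
        s.sendall(starttls_request())
        code = starttls_result(s.recv(4096))  # reply assumed to fit one read
        if code != 0:
            raise RuntimeError(f"StartTLS refused, resultCode={code}")
        via_starttls = _served_cert(s, host)
    with socket.create_connection((host, ldaps_port), timeout=10) as s:
        via_ldaps = _served_cert(s, host)
    return via_starttls, via_ldaps
```

If the two fingerprints returned by `compare_listeners` differ, the StartTLS path and the LDAPS listener are using different key material.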
