directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject Re: [ApacheDS] Ceritficate for StartTLS
Date Wed, 06 Jan 2010 12:28:51 GMT
Hi Matthias,

Matthias Cramer wrote:
> As it looks like, the starttls extension does not honor the keystore
> configured in the ldapServer config.

Yes, you are right. I just checked the source code and the configured 
keystore in server.xml isn't used for StartTLS extended operation :-/

You could find the certificate and key that is use in the Admin Entry 

dn: uid=admin,ou=system
keyAlgorithm: RSA
privateKey:: ...
privateKeyFormat: PKCS#8
publicKey:: ...
publicKeyFormat: X.509
userCertificate:: ...

What you need to do is to extract the private key, public key and 
certificate from your keystore and replace the attributes privateKey, 
publicKey and userCertificate with those guys. You could use Portacle 
and OpenSSL to extract those information. If you need further help don't 
hesitate to ask.

Not very user friendly right now...

Kind Regards,

View raw message