directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: Configure LDAPS with 1x and 2x SSL on ApacheDS 2.0 M8
Date Sat, 24 Nov 2012 23:12:19 GMT
Le 11/22/12 7:31 PM, Nick Duan a écrit :
> Could someone share some info/hits on how to setup ApacheDS 2.0 with 1 way
> and 2 way SSL (LDAPS)?  I was able to enable to run LDAPS in 1 way SSL with
> the server using ApacheStudio by enabling the default LDAPS settings on
> ApacheDS and using the server self-generated certs, but unable to configure
> the server using external certificates.   It seems there is lack of doc on
> this topic.  
>  I am particularly interested in finding answers to the
> following problems:
> 1.       I found the two LDAPS related attributes, ads-certificatePassword
> and ads=keystoreFile, under the node ou=config, ou=service,
> ou=ads-serviceid=ldapServer, but couldn't find any attribute that specifies
> the keystore password.   Would a keystore password required in this case?
no. Storng the external keystore password in the server would be a
security breach, IMO.
> 2.       How to specify truststore file path and password, and cert id,
> etc.?  If to configure LDAPS using 2 way SSL (i.e. using client cert for
> authentication)
not sure I understand...
> 3.       Where is the default self-signed certificate file/keystore
> generated by ApacheDS?
it's stored in the uid=admin, ou=system entry.

Note that we have to improve this area. Any feedback is welcome !

Emmanuel Lécharny 

View raw message