Feb 14, 2012, 06:05 PM   #1
macrumors newbie
Join Date: Feb 2012
how to force openssl command to read ldap.conf by default?


I'm stuck with this openssl problem for a week... What I'm trying to do is to enable SSL via Open Directory. Here is what I did so far:

- Exported self-signed root certificate authority and certificate from server in .csr format, renamed to .pem and imported this CA in client machine via Keychain Access App. (later also copied to /etc/openldap/mycert)

- At Terminal window I entered: <openssl s_client -connect aaa.example.com:636 -showcerts> and copied the server certificate that begins with "----BEGIN CERTIFICATE----", pasted on TextEdit and saved it with a name "mycert.pem".

- Under /etc/openldap I created mycert directory and pasted those two pem files mentioned above, and rehashed with command <sudo c_rehash> and it created link files that have a .0 extension.

- at this moment I redo <openssl s_client -connect aaa.example.com:636 -CApath /etc/openldap/mycert> and it returns "Verify return code: 0 (ok)".

- I thought everything's fine so I modified /etc/openldap/ldap.conf and added the line "TLS_CACERTDIR /etc/openldap/mycert", so that I run again openssl command without -CApath and then it returned "Verify return code: 21 (unable to verify the first certificate)". What's wrong here...?

- When I run the command <ldapsearch -V -x -H ldaps://aaa.example.com:636 -b "dc=aaa,dc=example,dc=com"> it returns "result: 0 success". I also opened Directory Utility and double clicked LDAPv3 in the Services tab, and ticked "SSL" box. It seemed that everything went well, but when I restart my iMac/MacBook, at the login window it doesn't show available directory network anymore (without SSL works fine).

My environment is:
Intel iMac 24 late 2006 - Snow Leopard 10.6.8 Server,
Intel iMac 27 late 2009 - Snow Leopard 10.6.8,
MacBook Pro Intel 2011 - Snow Leopard 10.6.8.

If anyone knows how to force openssl to read properly ldap.conf file, or knows how to fix this problem, please answer me. Thanks!
natadecoco
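
Added example, not part of the original post: `openssl s_client` does not read `/etc/openldap/ldap.conf`; that file is read by OpenLDAP clients such as `ldapsearch`, so the CA directory has to be given to `s_client` with `-CApath` on every run. The script below reads `TLS_CACERTDIR` and `TLS_CACERT` from ldap.conf and builds the matching `s_client` command; the helper names are hypothetical and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example (helper names are hypothetical; assumes paths without spaces).

# Print the value of an ldap.conf option. Option names are case-insensitive;
# blank lines and '#' comments are skipped. If the option is repeated, this
# helper reports the last occurrence.
ldap_conf_value() {  # usage: ldap_conf_value FILE OPTION
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        NF >= 2 && toupper($1) == toupper(want) {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)   # drop the option name
            sub(/[ \t]+$/, "", line)                # drop trailing blanks
            val = line
        }
        END { if (val != "") print val }
    ' "$1"
}

# Count the <8 hex digits>.<n> links that c_rehash creates in DIR. A -CApath
# lookup finds CA certificates only through these hashed names.
count_hash_links() {  # usage: count_hash_links DIR
    n=0
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Build an s_client command that uses the same trust settings as the LDAP
# clients: TLS_CACERTDIR becomes -CApath and TLS_CACERT becomes -CAfile.
s_client_cmd() {  # usage: s_client_cmd HOST:PORT [LDAP_CONF]
    conf=${2:-/etc/openldap/ldap.conf}
    dir=$(ldap_conf_value "$conf" TLS_CACERTDIR)
    file=$(ldap_conf_value "$conf" TLS_CACERT)
    cmd="openssl s_client -connect $1"
    if [ -n "$dir" ]; then cmd="$cmd -CApath $dir"; fi
    if [ -n "$file" ]; then cmd="$cmd -CAfile $file"; fi
    echo "$cmd"
}

# Print the command for the host given on the command line, if any.
if [ "$#" -gt 0 ]; then s_client_cmd "$@"; fi
```

Run it as `sh script.sh aaa.example.com:636` to print the command; `count_hash_links /etc/openldap/mycert` returning 0 means the directory has not been rehashed.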

All times are GMT -5.