Feb 14, 2012, 06:05 PM   #1
natadecoco
macrumors newbie
 
Join Date: Feb 2012
how to force openssl command to read ldap.conf by default?

Hi,

I've been stuck with this openssl problem for a week... What I'm trying to do is to enable SSL via Open Directory. Here is what I did so far:



- Exported the self-signed root certificate authority and certificate from the server in .csr format, renamed to .pem and imported this CA on the client machine via the Keychain Access app. (Later also copied to /etc/openldap/mycert.)

- At a Terminal window I entered: <openssl s_client -connect aaa.example.com:636 -showcerts> and copied the server certificate that begins with "----BEGIN CERTIFICATE----", pasted it into TextEdit and saved it with the name "mycert.pem".

- Under /etc/openldap I created a mycert directory and pasted the two pem files mentioned above, and rehashed with the command <sudo c_rehash>, which created link files that have a .0 extension.

- At this point I ran <openssl s_client -connect aaa.example.com:636 -CApath /etc/openldap/mycert> again and it returned "Verify return code: 0 (ok)".

- I thought everything was fine, so I modified /etc/openldap/ldap.conf and added the line "TLS_CACERTDIR /etc/openldap/mycert". I then ran the openssl command again without -CApath and it returned "Verify return code: 21 (unable to verify the first certificate)". What's wrong here...?

- When I run the command <ldapsearch -V -x -H ldaps://aaa.example.com:636 -b "dc=aaa,dc=example,dc=com"> it returns "result: 0 success". I also opened Directory Utility, double-clicked LDAPv3 in the Services tab, and ticked the "SSL" box. It seemed that everything went well, but when I restart my iMac/MacBook, at the login window it doesn't show the available directory network anymore (without SSL it works fine).



My environment is:
Intel iMac 24 late 2006 - Snow Leopard 10.6.8 Server,
Intel iMac 27 late 2009 - Snow Leopard 10.6.8,
MacBook Pro Intel 2011 - Snow Leopard 10.6.8.

If anyone knows how to force openssl to read the ldap.conf file properly, or knows how to fix this problem, please answer me. Thanks!
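
An added example, not part of the original post: `TLS_CACERTDIR` in ldap.conf is read by OpenLDAP's client library (tools such as ldapsearch), while the openssl command takes its trust directory from `-CApath` or from its own default location, which OpenSSL lets you override with the `SSL_CERT_DIR` environment variable. The script below reproduces the three cases offline with `openssl verify` instead of `s_client`; the certificates, the temporary directory and the function names are constructed for illustration, and it assumes the OpenSSL command-line tool (not every fork honours `SSL_CERT_DIR`).

```shell
#!/bin/sh
# Added example. All certificates and paths below are constructed throwaways.
WORK=$(mktemp -d)

make_certs() {
    # Throwaway root CA standing in for the server's self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # Server key and CSR, then a server certificate signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=aaa.example.com" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/srv.pem" 2>/dev/null
}

make_hashdir() {
    # Same result as c_rehash: a <subject-hash>.0 link pointing at the CA file
    mkdir -p "$WORK/mycert"
    cp "$WORK/ca.pem" "$WORK/mycert/ca.pem"
    hash=$(openssl x509 -noout -hash -in "$WORK/mycert/ca.pem")
    ln -sf ca.pem "$WORK/mycert/$hash.0"
    # An OpenLDAP client config naming that directory (read by libldap tools only)
    echo "TLS_CACERTDIR $WORK/mycert" > "$WORK/ldap.conf"
}

# Each check succeeds only if openssl prints "<file>: OK" for the server cert.
verify_with_capath() {    # trust directory passed explicitly
    openssl verify -CApath "$WORK/mycert" "$WORK/srv.pem" 2>/dev/null | grep -q ': OK$'
}

verify_with_ldapconf() {  # only ldap.conf names the directory; openssl never reads it
    ( unset SSL_CERT_DIR SSL_CERT_FILE
      LDAPCONF="$WORK/ldap.conf" openssl verify "$WORK/srv.pem" 2>/dev/null \
          | grep -q ': OK$' )
}

verify_with_env() {       # OpenSSL's own override of the default directory
    SSL_CERT_DIR="$WORK/mycert" openssl verify "$WORK/srv.pem" 2>/dev/null \
        | grep -q ': OK$'
}

make_certs && make_hashdir
for check in verify_with_capath verify_with_ldapconf verify_with_env; do
    if $check; then echo "$check: verified"; else echo "$check: NOT verified"; fi
done
```
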
All times are GMT -5.