I'm attempting to configure 389 DS v184.108.40.206 on RHEL 6.2 to use TLS with
a certificate issued by a CA. I was previously able to configure TLS
support using a self-signed certificate on a test system using 389 DS
220.127.116.11, but I am not having any success with the CA-issued certificate.
Using the GUI is not an option, but I have used certutil to create the
key/certificate databases, generate a CSR, and subsequently install the
CA certificate and the signed SSL certificate.

The server has been configured to use the certificate and the LDAPS
listener has been enabled. The server starts up without complaint and
the error log shows that it is listening on both port 389 and 636.
However, attempts to connect to the LDAPS port fail:

    ds1.imorgan % openssl s_client -connect localhost:636
    140218505807688:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 113 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported

Unfortunately, there do not appear to be any log messages which indicate
the source of the problem. I've played with the trust flags for the
certificate and have even tried re-importing it; all to no avail.

Any help would be appreciated.