
Thread: LDAP + TLS and Common Server Certificate

  1. #1

    LDAP + TLS and Common Server Certificate

    Hi all!
    I'm a new user of openSuse.
    I'm trying to configure LDAP + TLS with yast2 but I'm in trouble with Common Server Certificate.
    I noticed that during installation of openSuse 11.3 it didn't create CA, so, as soon as the system was installed, I created YaST_Default_CA following the first steps of this guide:

    How to recreate SMT 11 CA and server certificate

    Next, I started configuring LDAP Server with Yast, and in the second page I clicked on "Enable TLS" but it didn't let me click on "Use Common Server Certificate"

    So, the question is: how to enable Use Common Server Certificate ???

    Thanks to all!!

  2. #2
    Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by gvecchi
    Hi all!
    I'm a new user of openSuse.
    I'm trying to configure LDAP + TLS with yast2 but I'm in trouble with
    Common Server Certificate.
    I noticed that during installation of openSuse 11.3 it didn't create
    CA, so, as soon as the system was installed, I created YaST_Default_CA
    following the first steps of this guide:

    'How to recreate SMT 11 CA and server certificate'
    (http://tinyurl.com/2cmtcak)

    Next, I started configuring LDAP Server with Yast, and in the second
    page I clicked on "Enable TLS" but it didn't let me click on "Use
    Common Server Certificate"

    So, the question is: how to enable Use Common Server Certificate ???

    Thanks to all!!
    Hi
    For it not to create the CA during install seems to be an error. During
    the install did you not 1. Reconfigure/or add a CA to use, then also
    during the install setup openldap?

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 1 day 17:25, 3 users, load average: 0.17, 0.13, 0.06
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21


  3. #3

    Re: LDAP + TLS and Common Server Certificate

    I didn't setup any ldap configuration during installation, so no CA was added during installation.
    I've reinstalled the system right today, and if I don't setup ldap, it doesn't ask me to create CA.
    Isn't possible to create it after installation???
    I'm using openSuse 11.3

  4. #4
    Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by gvecchi
    I didn't setup any ldap configuration during installation, so no CA was
    added during installation.
    I've reinstalled the system right today, and if I don't setup ldap, it
    doesn't ask me to create CA.
    Isn't possible to create it after installation???
    I'm using openSuse 11.3
    Hi
    During the install when you get to the 'Add User' did you select ldap
    here, then also go into the software and add the YaST CA module?

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 3 days 12:22, 2 users, load average: 0.08, 0.11, 0.09
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21


  5. #5
    Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by malcolmlewis
    Quote Originally Posted by gvecchi
    I didn't setup any ldap configuration during installation, so no CA was
    added during installation.
    I've reinstalled the system right today, and if I don't setup ldap, it
    doesn't ask me to create CA.
    Isn't possible to create it after installation???
    I'm using openSuse 11.3
    Hi
    During the install when you get to the 'Add User' did you select ldap
    here, then also go into the software and add the YaST CA module?
    This will kick in the LDAP configuration, if you select the advanced
    configuration you can browse to your certificates (which you could pre
    make?) and load.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 3 days 12:56, 2 users, load average: 0.25, 0.53, 1.60
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21


  6. #6

    Re: LDAP + TLS and Common Server Certificate

    No.
    As I wrote before, I didn't setup any ldap configuration during installation because I wanted to do it after;
    so, when I get to the "Add User", I only filled the username and password field.
    It seems I can add Server Common Certificate but it doesn't let me use it as the Server Common Certificate in Yast

  7. #7
    Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by gvecchi
    No.
    As I wrote before, I didn't setup any ldap configuration during
    installation because I wanted to do it after;
    so, when I get to the "Add User", I only filled the username and
    password field.
    It seems I can add Server Common Certificate but it doesn't let me use
    it as the Server Common Certificate in Yast
    Hi
    But the system needs to use LDAP for the first user authentication
    (aside from root) so it wants to run using LDAP for that user else it
    will default to the password file and not LDAP.

    I just did a test install in a VM, I selected users to use LDAP and
    skipped the adding users to it. I also added via software the YaST
    modules, CA Management and LDAP server along with openldap2.

    Skipping adding the ldap server gave me just the root user on the
    system along with no CA. Create a CA, then opening the YaST LDAP Server
    module then allowed me to add the certificates and enable TLS/SSL.

    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.32.24-0.2-default
    up 3 days 13:37, 2 users, load average: 0.31, 1.23, 2.51
    GPU GeForce 8600 GTS Silent - Driver Version: 260.19.21


  8. #8

    Re: LDAP + TLS and Common Server Certificate

    Hi!
    Maybe I haven't been so clear, so I'll try to clarify what I've done.

    1 - Installing opensuse 11.3 x86_64
    2 - User Section sets as local login, NO LDAP and no SUDO for the user, so I also put root password
    3 - After installation, updating system with online updater
    4 - Installed DHCP and DNS server, file server and directory server packages
    5 - Created Server Common Certificate (YaST_Default_CA) with yast ca-management (as shown in How to recreate SMT 11 CA and server certificate)
    6 - During LDAP Server configuration, flag on "Enable TLS"
    7 - Unable to flag "Use Common Server Certificate"

    I don't want to setup LDAP during installation and it doesn't let me setup any certificates during installation.
    Maybe it's a bug or the guide I followed to create Server Common Certificate is not valid for opensuse 11.3 ... (for SLES11 it works)

    Any ideas to enable Server Common Certificate?

    Quote Originally Posted by malcolmlewis View Post
    Skipping adding the ldap server gave me just the root user on the
    system along with no CA. Create a CA, then opening the YaST LDAP Server
    module then allowed me to add the certificates and enable TLS/SSL.
    Me too: I can add .pem files browsing on the file system, but can you put a flag on a "Use Server Common Certificate"?

  9. #9
    Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by gvecchi

    Me too: I can add .pem files browsing on the file system, but can you
    put a flag on a "Use Server Common Certificate"?

    Hi
    I'm not able to access my VM (not at home until Sunday) from memory I
    could browse to both (maybe advanced screen) and I'm sure on the first
    part there was the ability to add/browse to the certificate via URL
    which I think may be what you're after.

    I'm still not sure your reason to not configure both LDAP CA etc during
    the install as that just works for me...


    --
    Cheers Malcolm (Linux Counter #276890)
    SUSE Linux Enterprise Desktop 11 (i586) Kernel 2.6.32.24-0.2-pae
    up 12:02, 2 users, load average: 0.08, 0.10, 0.03
    ASUS eeePC 1000HE ATOM N280 1.66GHz | GPU Mobile 945GM/GMS/GME


  10. #10

    [SOLVED] Re: LDAP + TLS and Common Server Certificate

    Quote Originally Posted by malcolmlewis View Post
    Hi
    I'm not able to access my VM (not at home until Sunday) from memory I
    could browse to both (maybe advanced screen) and I'm sure on the first
    part there was the ability to add/browse to the certificate via URL
    which I think may be what you're after.
    Ok, I'm waiting for you

    Quote Originally Posted by malcolmlewis View Post
    I'm still not sure your reason to not configure both LDAP CA etc during
    the install as that just works for me...
    I don't want to setup LDAP and CA during installation because I have to clone the disk, so I need a clean installation to configure from time to time.

    I have some news: in Yast2, if I open the Common Server Certificate Section, it tells me that "Common Server Certificate not found. You can import a certificate from disk" so I understood that the certificate I've done is not set as the default server one.
    To solve the problem, I open CA Management, exported my Server Certificate as a .p12 file and then imported it as the Common Server Certificate in the homonymous section
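
The fix in post #10 carries the server certificate and its private key from CA Management to the Common Server Certificate section as a .p12 file. As an added example (not part of the thread and not YaST's own code), these shell functions use the openssl CLI to check such a bundle before it is imported; the function names, the file names and the `P12_PASS` variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The passphrase is read from the P12_PASS environment
# variable so it never appears on a command line.

# check_p12 BUNDLE CA_PEM
# Returns 0 if BUNDLE holds a leaf certificate plus its matching private key
# and the leaf verifies against CA_PEM; 1 = unreadable bundle or wrong
# passphrase, 3 = key does not match certificate, 4 = not issued by CA_PEM.
check_p12() {
    _p12=$1; _ca=$2; _rc=0
    _tmp=$(mktemp -d) || return 2
    # Leaf certificate only, then private key only, into a private temp dir.
    openssl pkcs12 -in "$_p12" -passin env:P12_PASS -clcerts -nokeys \
        -out "$_tmp/leaf.pem" 2>/dev/null || _rc=1
    if [ "$_rc" -eq 0 ]; then
        openssl pkcs12 -in "$_p12" -passin env:P12_PASS -nocerts -nodes \
            -out "$_tmp/key.pem" 2>/dev/null || _rc=1
    fi
    if [ "$_rc" -eq 0 ]; then
        # The public key inside the certificate must equal the key's public half.
        _cert_pub=$(openssl x509 -in "$_tmp/leaf.pem" -noout -pubkey 2>/dev/null) || _rc=3
        _key_pub=$(openssl pkey -in "$_tmp/key.pem" -pubout 2>/dev/null) || _rc=3
        [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ] || _rc=3
    fi
    if [ "$_rc" -eq 0 ]; then
        openssl verify -CAfile "$_ca" "$_tmp/leaf.pem" >/dev/null 2>&1 || _rc=4
    fi
    rm -rf "$_tmp"
    return "$_rc"
}

# make_demo DIR: constructed CA, server certificate and .p12 for trying it out.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/srv.key" -in "$1/srv.pem" \
        -certfile "$1/ca.pem" -passout env:P12_PASS -out "$1/srv.p12"
}
```

A non-zero result from `check_p12` means the bundle would not give the LDAP server a usable certificate and key pair under that CA, so it is worth re-exporting before importing it.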
