[Samba] Testing TLS

Sven Schwedas sven.schwedas at tao.at
Mon Jun 30 08:42:11 MDT 2014

On 2014-06-30 16:25, Gregor Burck wrote:
> Hi,
> for an application (egroupware) I tried to switch on TLS: 
>         tls enabled = Yes
>         tls keyfile = /etc/ssl/private/edad001.pem
>         tls certfile = /etc/ssl/certs/edad001.crt
>         tls cafile = /etc/ssl/certs/RootCA_.crt
> But egroupware still told me tls is needed.
> With witch test I could test if TLS is work or not?


> openssl s_client -connect your.server.name:636 -CAfile /etc/ssl/certs/RootCA_.crt

This tests ldaps://your.server.name/, make sure that you get "Verify
return code: 0 (ok)" as result – most ldap libraries fail to properly
report certificate issues and just die.

If that works, but not egroupware, make sure it uses your CA
certificate, the right server name (=the one in the certificate), and
ldaps:// (on port 636) or starttls (on port 389).

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140630/401fce06/attachment.pgp>

More information about the samba mailing list