Forum Replies Created
vagabond
Participant
There’s a few recommendations over at macosxhints:
http://www.macosxhints.com/article.php?story=20051009043816537

vagabond
Participant
Mail and Apache were both working fine with the password attached, only LDAP seemed to have a problem with it. One thing I didn’t try was using a custom configuration to select the password-protected certificate by hand and entering in the password manually (there is an option for that now).
This is one of those things where I don’t really know the why, just that LDAP works now. On a production server, that’s good enough for me.

vagabond
Participant
Wouldn’t you know it, after looking for several hours for answers, I post a question and then find the answer myself within an hour of the post.
Apparently, LDAP still has issues with passwords attached to certificates (as described here). So, to get this working, I did the following (I haven’t modified locations/names from what SA creates):
cd /etc/certificates
sudo openssl rsa -in my.server.com.key -out my.server.com.no.key
Then, in Server Admin I checked the SSL box for LDAP and chose “Custom Configuration” with the following settings (again, locations are defaults):
Certificate: /etc/certificates/my.server.com.crt
SSL Key: /etc/certificates/my.server.com.no.key
CA Certificate: /etc/certificates/my.server.com.crtkey
The one that took me a second to figure out was the CA Certificate, since I had used SA to make the certificate to begin with and had no idea what the CA files were called.
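
Added example, not part of the original post: a key with its passphrase removed, as in the post above, is protected only by file permissions, so this sh script checks that a key is passphrase-free (what LDAP needs here) and that group and other have no access to it. The function names are hypothetical and the PEM headers in the demo are constructed, not real keys.

```shell
#!/bin/sh
# Added example: audit a PEM private key before pointing a service at it.
# Function names are hypothetical, not from the post or from Server Admin.

# key_is_encrypted FILE: succeeds if the PEM key carries a passphrase.
key_is_encrypted() {
    # Traditional OpenSSL PEM flags encryption in a Proc-Type header;
    # PKCS#8 uses its own BEGIN line instead.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# key_perms_ok FILE: succeeds if group and other have no access at all.
key_perms_ok() {
    # Columns 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_key FILE: prints one status word; nonzero exit means "do not use".
audit_key() {
    if [ ! -f "$1" ]; then echo "missing"; return 2; fi
    if key_is_encrypted "$1"; then echo "encrypted"; return 1; fi
    if ! key_perms_ok "$1"; then echo "loose-perms"; return 1; fi
    echo "ok"
}

if [ $# -gt 0 ]; then
    # Audit the key files named on the command line.
    for f in "$@"; do printf '%s: %s\n' "$f" "$(audit_key "$f")"; done
else
    # No arguments: demo on constructed PEM headers (not real keys).
    tmp=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        > "$tmp/with-pass.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$tmp/no-pass.key"
    chmod 644 "$tmp/no-pass.key"
    for f in "$tmp/with-pass.key" "$tmp/no-pass.key"; do
        printf '%s: %s\n' "$f" "$(audit_key "$f")"
    done
    chmod 600 "$tmp/no-pass.key"
    printf '%s (after chmod 600): %s\n' "$tmp/no-pass.key" "$(audit_key "$tmp/no-pass.key")"
    rm -rf "$tmp"
fi
```
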
vagabond
Participant
As macshome pointed out, you can’t do this in server admin. Edit the zone file for your domain (in /var/named) to include this:
domain.com. IN A xxx.xxx.xxx.xxx
It can’t be a CNAME (for whatever reason it’s improper syntax in the BIND world). Don’t forget the period after domain.com, otherwise it will add it as a subdomain.