How to save the LDAP SSL Certificate from OpenSSL

ssl ldap openssl ssl-certificate edirectory
Dungeon Hunter picture Dungeon Hunter · Aug 16, 2011 · Viewed 90.9k times · Source

I wanted the SSL Certificate of my LDAP Server which is Novell eDirectory. I have used openssl to connect to ldap to view the certificate. 

openssl s_client -connect 192.168.1.225:636

It is just printing the certificate. How can I save this to some certificate format file?

Answer

Bruno picture Bruno · Aug 17, 2011

Copy everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (including these delimiters) and paste it in a new text file (usually with the extension .pem or .crt). You can use your favourite (plain) text editor for this, for example Notepad, Gedit, Vim, Emacs (depending on the system you're using).

Alternatively, you can pipe the output to sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p', as described here:

echo -n | openssl s_client -connect 192.168.1.225:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapserver.pem

Related questions

how to accept self-signed certificates for JNDI/LDAP connections?

I need to connect to an LDAP directory over SSL. In non-production environments, we use self-signed certificates which, of course, fails to validate with: javax.naming.CommunicationException: simple bind failed: ldapserver:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.…

Read More
Setting up SSL in Active Directory how-to

I need to set up SSL over Active Directory. I googled a lot but could not found a decent write up about how to do this. Please if you know some good resources about this let me know. Thanks!

Read More
using spring-ldap with ssl

I need to talk to an LDAP server via spring-ldap with SSL, and the other end has a self-signed certificate no less. Can any kind soul please point me to some instructions for setting this up?

Read More