How to set up CALDAP command-line ldapsearch using encrypted server-side SSL


Article ID: 212085



Top Secret ACF2


How to test an SSL-encrypted ldapsearch query against the CALDAP server.
This is server-side SSL only (DN and password authentication); client authentication is not required.

A query to a non-SSL port works without problems.



Release : 16.0

Component : CA LDAP Server


To use the ldapsearch line command with a server-side SSL setup,
set up a keyring for the user that contains the signing certauth certificates of the server certificate.
Then create a file called ldaprc in the user's home directory.
The contents of ldaprc should be:

TLS_KEYRING owner/ringname

You can also specify a preferred cipher suite, e.g.:
TLS_Cipher_Suite DEFAULT

And add a minimum protocol level, e.g.:
TLS_Protocol_Min  tls1.2

Note: only TLS_KEYRING is required.

This link provides details of all available client configuration options.
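
A pre-flight check for the ldaprc file described above, as an added example that is not part of the original article or the product. The function name check_ldaprc is hypothetical; it assumes one "OPTION value" pair per line, option names compared case-insensitively, "#" comment lines, and a protocol value written as tls<major>.<minor> as in the article. The sample file is constructed.

```shell
# check_ldaprc FILE (hypothetical helper): lint the client ldaprc.
# Exit status: 0 = usable, 1 = TLS_KEYRING missing or malformed,
#              2 = TLS_Protocol_Min set below tls1.2.
check_ldaprc() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        { opt = toupper($1); val = $2 }           # assumed case-insensitive names
        opt == "TLS_KEYRING"      { ring = val }
        opt == "TLS_PROTOCOL_MIN" { pmin = tolower(val) }
        END {
            if (ring == "") {
                print "FAIL: TLS_KEYRING missing (the only required option)"
                exit 1
            }
            if (ring !~ "^[^/]+/[^/]+$") {        # expected form: owner/ringname
                print "FAIL: TLS_KEYRING is not owner/ringname: " ring
                exit 1
            }
            print "OK: TLS_KEYRING " ring
            if (pmin == "") {
                print "NOTE: TLS_Protocol_Min not set"
                exit 0
            }
            v = pmin; sub(/^tls/, "", v)          # "tls1.2" -> "1.2"
            if (v + 0 < 1.2) {
                print "WARN: TLS_Protocol_Min " pmin " is below tls1.2"
                exit 2
            }
        }
    ' "$1"
}

# Constructed sample matching the article's settings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TLS_KEYRING owner/ringname
TLS_Cipher_Suite DEFAULT
TLS_Protocol_Min  tls1.2
EOF
check_ldaprc "$sample"
rm -f "$sample"
```

Run it against the ldaprc in the user's home directory before testing the SSL port, so a missing or mistyped keyring entry is found before it shows up as a handshake failure.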