[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS not working with 2.0.14

To: "Nik Clayton" <nik@freebsd.org>, "David Wright" <ichbin@shadlen.org>
Subject: RE: TLS not working with 2.0.14
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 27 Sep 2001 16:12:11 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <20010927232842.A36549@clan.nothing-going-on.org>

Run your ldapsearch command with debugging turned up (-d127 is what I
usually use) and look at the TLS log messages. The slapd debug messages
indicate that there is no problem detected on the server end, so it
must be the client.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Nik Clayton

> On Thu, Sep 27, 2001 at 10:58:45AM -0700, David Wright wrote:
> >
> > >     # ldapsearch -h clan -D cn=Manager,dc=example,dc=com -w
> secret -L -x -ZZ
> > >     ldap_start_tls: Connect error
> >
> > I ran into a simliar problem and it turned out to be my cert;
> more recent
> > OpenLDAPs are less tolerant of nonconformant certificates. In
> particular,
> > the name in your cert must be exactly the correct FQDN of your server as
> > returned e.g. by nslookup; an IP address won't do.
>
> I think I've got that right.
>

References:
- Re: TLS not working with 2.0.14
  - From: Nik Clayton <nik@freebsd.org>

Prev by Date: Re: TLS not working with 2.0.14
Next by Date: ldap_get_values returning NULL
Index(es):
- Chronological
- Thread