
RE: TLS errors out
Thank you Sir.
However, I have read all those documents. I don't know whether I missed anything.
Following are my conf files.

1. SLAPD.conf
TLSRandFile     /var/symas/egd-pool
TLSCertificateFile /opt/symas/bin/ldapcert.pem
TLSCertificateKeyFile /opt/symas/bin/ldapkey.pem
TLSCACertificateFile /opt/symas/bin/cacert.pem

2. LDAP.conf
BASE dc=TEST3,dc=global,dc=mydomain,dc=com
URI ldaps://TEST3.TEST2.mydomain.com
# ldap://TEST3.TEST2.mydomain.com:636 ldap://TEST3.TEST2.mydomain.com:666

host test3.test2.mydomain.com
port 636
ssl yes           # statement ssl start_tls also fails
TLS_CACERT /opt/symas/bin/cacert.pem

Regards
Pravin Joshi
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Howard Chu
Sent: Thursday, October 24, 2002 01:59
To: openldap-software@OpenLDAP.org
Subject: RE: TLS errors out


Try reading the Admin Guide a little more carefully:
http://www.openldap.org/doc/admin21/tls.html

This is also specifically addressed in the FAQ:
http://www.openldap.org/faq/data/cache/185.html

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Pravin Joshi

> Dear All,
>
> I queried as follows:
> /opt/symas/bin/ldapsearch -d 9 -Z -w mypass -D
> "cn=Manager,dc=test3,dc=test2,dc=mydomain,dc=com" -b ""
> "(objectClass=*)"
>
> After the initial success messages, when it starts with TLS, I got the
> following errors:
>
> # Start
> ldap_msgfree
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:SSLv2/v3 write client hello A
> TLS trace: SSL_connect:SSLv3 read server hello A
> TLS certificate verification: depth: 0, err: 20, subject:
> /C=AU/ST=Some-State/O=
> Internet Widgits Pty Ltd/CN=test3.test2.mydomain.com, issuer: /C=A
> U/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test3.test2.mydomain.com
> TLS certificate verification: Error, unable to get local
> issuer certificate
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (91)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE
> # End (There are other error messages after this)
>
> Now, what I feel is that it is trying to do client authentication, or else
> comparing the issuer, and it fails there. I have been stuck on this for
> the last two days. Please guide. Thanks in advance.
>
>
> Regards
> Pravin Joshi
>
>
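The lines to key on in the trace quoted above are `depth: 0, err: 20` together with a subject that is identical to its issuer. As an added illustration (not code from this thread, from OpenLDAP, or from OpenSSL), the following Python parser reads a constructed copy of that `ldapsearch -d` output, maps the numeric OpenSSL verify code to its meaning, and states what the client's `TLS_CACERT` file has to contain for the server certificate to verify. The sample trace and the `Diagnosis` type are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Numeric OpenSSL X509 verify results as printed in OpenLDAP's
# "TLS certificate verification" trace line (values from OpenSSL's x509_vfy.h).
VERIFY_ERRORS = {
    0: "ok",
    9: "certificate is not yet valid",
    10: "certificate has expired",
    18: "self-signed certificate at depth 0",
    19: "self-signed certificate in chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

_VERIFY = re.compile(
    r"TLS certificate verification: depth: (\d+), err: (\d+), "
    r"subject: (.+?), issuer: (.+)$", re.MULTILINE)

# Constructed sample, modelled on the trace in the thread (subject/issuer rejoined on one line).
SAMPLE_TRACE = (
    "TLS trace: SSL_connect:SSLv3 read server hello A\n"
    "TLS certificate verification: depth: 0, err: 20, "
    "subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test3.test2.mydomain.com, "
    "issuer: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test3.test2.mydomain.com\n"
    "TLS certificate verification: Error, unable to get local issuer certificate\n"
    "TLS trace: SSL3 alert write:fatal:unknown CA\n")

@dataclass
class Diagnosis:
    depth: int
    err: int
    reason: str
    subject: str
    issuer: str
    self_signed: bool
    client_sent_alert: bool  # True when the client itself aborted with "unknown CA"
    advice: str

def diagnose(trace: str) -> Optional[Diagnosis]:
    """Return a Diagnosis for the first failed verification line, or None if every depth verified."""
    for m in _VERIFY.finditer(trace):
        depth, err = int(m.group(1)), int(m.group(2))
        subject, issuer = m.group(3).strip(), m.group(4).strip()
        if err == 0:
            continue  # this depth verified; keep looking
        self_signed = subject == issuer
        if err in (18, 19, 20, 21) and self_signed:
            advice = "server certificate is self-signed: the client's TLS_CACERT file must contain this exact certificate"
        elif err in (20, 21):
            advice = f"TLS_CACERT does not contain the certificate of the issuer {issuer}"
        else:
            advice = VERIFY_ERRORS.get(err, f"unrecognised verify error {err}")
        alert = "alert write:fatal:unknown CA" in trace
        return Diagnosis(depth, err, VERIFY_ERRORS.get(err, "unknown"), subject, issuer, self_signed, alert, advice)
    return None
```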