[Date Prev][Date Next] [Chronological] [Thread] [Top]

"TLS certificate verification: Error, self signed certificate"

To: openldap-software@OpenLDAP.org
Subject: "TLS certificate verification: Error, self signed certificate"
From: d.vancutsem@crelan.be
Date: Mon, 25 Nov 2002 10:44:37 +0100

Hello all.
I'have just setup a linux cluster for non-stop authentication with openldap
and heartbeat.
I'm trying to setup SSL but i have a problem:
>From the server where "slapd" is running, everything looks OK:

LdapServer:~ # ldapsearch -H ldaps://LdapServer.crelan.be/ -x -b
"o=domain,c=be" -s base -
LLL supportedSASLMechanisms
No such object (32)

but from the other server, i have the fillowing answer:

LdapServer:~ # ldapsearch -H ldaps://LdapServer.crelan.be/ -x -b
"o=domain,c=be" -s base -
LLL supportedSASLMechanisms
ldap_bind: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE
:certificate verify failed

If i launch the debug command:

ldap_int_sasl_open: host=LdapServer.domain.be
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject:
/C=be/ST=Some-State/O=
domain/CN=LdapServer.domain.be, issuer:
/C=be/ST=Some-State/O=domain/CN=LdapServer.domain.
be
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE
:certificate verify failed


Can somebody help me???
It's strange because everything looks OK on the server it self....






This email and any attached files are confidential and may be legally privileged.If you are not the intended recipient, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited.  If you have received this transmission in error please notify the sender immediately and then delete this email.Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.  The sender therefore is in no way liable for any errors or omissions in the content of this message, which may arise as a result of email transmission. If verification is required, please request a hard copy.

Follow-Ups:
- Re: "TLS certificate verification: Error, self signed certificate"
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: RE: ldap installation
Next by Date: probably simple acl problem
Index(es):
- Chronological
- Thread