[Date Prev][Date Next] [Chronological] [Thread] [Top]

[seeking help] unknown CA - p.s.

To: openldap-software@OpenLDAP.org
Subject: [seeking help] unknown CA - p.s.
From: Ben Kim <bkim@edsun.coe.tamu.edu>
Date: Fri, 26 Sep 2003 12:25:22 -0500 (CDT)
In-reply-to: <Pine.GSO.4.10.10309261154360.4780-100000@edsun.coe.tamu.edu>

I want to add that the new failing web server that I compiled shows "bad
checksum" while the successful one does not. Would this affect the result?

Regards,
Ben

On Fri, 26 Sep 2003, Ben Kim wrote:

> Hi,
> I have a php script authenticating user against an ldap server (not under
> my control) which I know has no problem.
> But when I use it on my newly compiled server, it cannot bind with ldaps
> protocol. Packet traces show the following exchange.
> - client: Client Hello
> - server: Server Hello, Certificate, Server Hello Done
> - client: Alert (Level: Fatal, Description: Unknown CA)
> 
> On google, it seems to be one of the standard error strings: 
> "   "CA"/"unknown CA"
>           A valid certificate chain or partial chain was received, but
> the certificate was not accepted because the CA certificate could not be
> located or couldn't be matched with a known, trusted CA. This message
> is always fatal."
> 
> My question is, how can I fix this problem? I checked the configuration of
> another machine on which this script works perfectly, but cannot easily
> find the difference.
> 
> Any insight would be appreciated.
> 
> Thanks.
> Ben
> 
>

Follow-Ups:
- Re: [seeking help] unknown CA - p.s.
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- [seeking help] unknown CA
  - From: Ben Kim <bkim@edsun.coe.tamu.edu>

Prev by Date: tls authentication : certificate dn to directory dn mapping
Next by Date: Re: Re: LDAP and CA-certs
Index(es):
- Chronological
- Thread