[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS not working with 2.0.14

To: <openldap-software@OpenLDAP.org>
Subject: RE: TLS not working with 2.0.14
From: "Patrick Cranston" <patrick@mutualaid.org>
Date: Tue, 9 Dec 2003 21:18:45 -0500
Importance: Normal

I'm having difficulty configuring TLS for LDAP.  I've followed the
instructions in this thread:
http://www.openldap.org/lists/openldap-software/200109/msg00745.html
for generating a self signed certificate, with the Common Name set as the
fully qualified domain name of my machine, and the -d127 debug output is
showing that the CA is unknown.  Can anyone offer any suggestions?

ldapsearch -d127 -H ldaps://xxx.xxxx.org -x -b ... -L -ZZ

returns:

TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

thanks for any help,
pat

Follow-Ups:
- RE: TLS not working with 2.0.14
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: RE: [JunkMail] Re: sasl version mismatch: 2.1.15 vs 2.1.17
Next by Date: RE: TLS not working with 2.0.14
Index(es):
- Chronological
- Thread