
OpenLDAP TLS problem




Hi list

I'm trying to set up an OpenLDAP server with TLS support. I created the needed certificates and added the essential lines to slapd.conf as described in several howtos. But whatever I try, I get the same error:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca /usr/src/lib/libssl/ssl/../src/ssl/s3_pkt.c:1052
connection_read(9): TLS accept error error=-1 id=7, closing
connection_closing: readying conn=7 sd=9 for close
connection_close: conn=7 sd=9
daemon: removing 9
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=8 active_threads=0 tvp=NULL



As explained in several mailing list posts, everything should work after declaring the correct certificate through the TLS_CACERT variable. I also created an .ldaprc file which contains this variable. But the error still occurs.


What else can I do to solve this problem? I very much welcome any suggestions!

Best regards
Lukas
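The trace above shows the server reading a fatal "unknown CA" alert, which means the alert was sent by the client: the client could not build a trust path from the server's certificate to any CA it trusts. The following shell script, added here as an illustration and not part of the original post, reproduces that condition offline with openssl. It builds a throwaway test CA, a server certificate signed by it, and a second unrelated CA, then runs `openssl verify` once with the right CA file and once with the wrong one. The second check fails in exactly the way an ldap client with a wrong TLS_CACERT would. All names (Test CA, Other CA, ldap.example.test) and the temporary directory are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): show that the "unknown CA"
# alert corresponds to the client's trust store (the file TLS_CACERT points
# at) not containing the issuer of the server certificate.
# All key material is generated in a temporary directory and removed on exit.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a private test CA, a server certificate signed by it, and an
# unrelated second CA that represents a wrong TLS_CACERT setting.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Test CA" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -days 1 -out "$WORK/server.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Other CA" -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
}

# check_chain CAFILE CERT
# Prints "ok" when CERT chains to a CA in CAFILE, "unknown-ca" otherwise.
# This is the same path-building step a TLS client performs before it
# either continues the handshake or sends the unknown CA alert.
check_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo unknown-ca
    fi
}

make_pki
echo "client trusts the issuing CA:   $(check_chain "$WORK/ca.crt" "$WORK/server.crt")"
echo "client trusts an unrelated CA:  $(check_chain "$WORK/other.crt" "$WORK/server.crt")"
```

When the second line prints `unknown-ca`, the client-side fix is to point TLS_CACERT (in ldap.conf or .ldaprc) at the file that actually contains the CA which signed the server certificate, or at a bundle that includes it. The same check can be run against a real server certificate file with the CA file the client is configured to use, which tells you whether the problem is the trust store or something else in the handshake.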