Hi,
I've set up an OpenLDAP server and followed the OpenLDAP CA generation.
The slapd is started with ldaps://... and the slapd.conf is configured for
the CA certificates.
But every time I try to run an ldapsearch I get:
____________________________________________________________________________
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
____________________________________________________________________________
Since slapd is started with debug info, I'm getting the following data in
the server
____________________________________________________________________________
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:1052
connection_read(11): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=11 for close
connection_close: conn=0 sd=11
____________________________________________________________________________
Can anyone give me a hand on this?
I really believe that the problem is within the client side.
Regards,
Jorge Ruão
____
Faculdade de Engenharia da Universidade do Porto
jruao@fe.up.pt
22.508.1506 (ext.1089)