[Date Prev][Date Next] [Chronological] [Thread] [Top]

problem SSL authentication

To: openldap-software@OpenLDAP.org
Subject: problem SSL authentication
From: Antonio Ruiz Martínez <arm@dif.um.es>
Date: Mon, 24 May 2004 19:00:58 +0200

Hello!

    I'm doing a search with ldapsearch. My server is configurated in
order to do a SSL connection but it is not necessary a client
authentication. However when I execute the command
ldapsearch -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL -D
"cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ
-W

It seems the server is requesting the user certificate because I'm
getting the following:

ldap_start_tls: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE
:certificate verify failed

and in the server I'm getting:
connection_get(1128): got connid=0
connection_read(1128): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(1128): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=1128 for close
connection_close: conn=0 sd=1128

I don't undertand what the problem is?
Could you help me, please?

Thanks in advance,
Regards,
Antonio.

Follow-Ups:
- Re: problem SSL authentication
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)

Prev by Date: Re: Schema
Next by Date: Re: problem SSL authentication
Index(es):
- Chronological
- Thread