
Re: problem SSL authentication



Antonio Ruiz Martínez wrote:
Hello!

    I'm doing a search with ldapsearch. My server is configured to use
an SSL connection, but client authentication is not required. However,
when I execute the command

ldapsearch -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL -D "cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ -W

it seems the server is requesting the user certificate, because I'm
getting the following:

ldap_start_tls: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
...

Firstly, you can use -ZZ on port 389 *or* ldaps on port 636, but not both. However, I would have expected to see an error something like ...


ldap_start_tls: Operations error
	additional info: TLS already started

1) Is your server listening on ports 389 and/or 636?
2) Have you tested out your certificate(s) ...

openssl s_client -connect micropeich.dif.um.es:636 -CApath ...

Dave
--
Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
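
The first point of the reply above, as an added example that is not part of the original message or of OpenLDAP: a small pre-flight check that parses an ldapsearch command line and reports when ldaps:// is combined with -Z/-ZZ, or when the TLS mode and the port (389 for StartTLS, 636 for ldaps) disagree. The function name `check_tls_args`, the finding codes and the host `ldap.example.test` used to exercise it are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Default ports as given in the reply: StartTLS on 389, ldaps on 636.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# The invocation quoted in the post above, with the line breaks removed.
POSTED = ('ldapsearch -b "ou=USERS,o=ARM\'S PKI,c=ES" -LLL '
          '-D "cn=ARM,ou=USERS,o=ARM\'S PKI,c=ES" '
          '-H ldaps://micropeich.dif.um.es -ZZ -W')


def check_tls_args(cmdline):
    """Return a list of (code, message) findings about how TLS is requested.

    Simplification (assumption): only -H URIs and the -Z/-ZZ flags are
    inspected; the legacy -h/-p options and ldap.conf defaults are ignored.
    """
    args = shlex.split(cmdline)
    uris = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-H"]
    starttls = next((a for a in args if a in ("-Z", "-ZZ")), None)
    findings = []
    for uri in uris:
        parts = urlsplit(uri)
        port = parts.port or DEFAULT_PORT.get(parts.scheme)
        if parts.scheme == "ldaps" and starttls:
            # TLS is already negotiated before any LDAP traffic on ldaps://.
            findings.append(("CONFLICT",
                             f"{uri} already runs inside TLS; drop {starttls}, "
                             f"or use ldap://{parts.hostname} with {starttls}"))
        elif parts.scheme == "ldaps" and port == 389:
            findings.append(("PORT", f"{uri}: ldaps aimed at 389, the StartTLS port"))
        elif parts.scheme == "ldap" and starttls and port == 636:
            findings.append(("PORT", f"{uri}: {starttls} aimed at 636, the ldaps port"))
    return findings


if __name__ == "__main__":
    for code, message in check_tls_args(POSTED):
        print(f"{code}: {message}")
```

This only checks how TLS is requested; the "certificate verify failed" error itself still has to be investigated with the openssl s_client test suggested in the reply.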