[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem SSL authentication

To: Antonio Ruiz Martínez <arm@dif.um.es>
Subject: Re: problem SSL authentication
From: Patrick Radtke <phr2101@columbia.edu>
Date: Wed, 26 May 2004 17:31:46 -0400
Cc: openldap-software@OpenLDAP.org
In-reply-to: <40B505AF.3FD5FC3@dif.um.es>
References: <40B22A4A.5F660D33@dif.um.es> <40B30417.9070705@central.susx.ac.uk> <40B505AF.3FD5FC3@dif.um.es>

Have you edited ldap.conf to tell ldapsearch where the CA certificate is? TLS_CACER=path to CA cert.

If you have done that step then run ldapsearch in debug mode and it will tell you if it successfully read the CA file.

-Patrick
On May 26, 2004, at 5:01 PM, Antonio Ruiz Martínez wrote:

Hello!
Thanks for your answer.
Dave Lewney wrote:
Antonio Ruiz Martínez wrote:
Hello!
I'm doing a search with ldapsearch. My server is configurated in order to do a SSL connection but it is not necessary a client authentication. However when I execute the command ldapsearch -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL -D "cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ -W
It seems the server is requesting the user certificate because I'm
getting the following:
ldap_start_tls: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE
:certificate verify failed
...

References:
- problem SSL authentication
  - From: Antonio Ruiz Martínez <arm@dif.um.es>
- Re: problem SSL authentication
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)
- Re: problem SSL authentication
  - From: Antonio Ruiz Martínez <arm@dif.um.es>

Prev by Date: Re: problem SSL authentication
Next by Date: Kerberos + LDAP + Cyrus-SASL woes
Index(es):
- Chronological
- Thread