[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS fails



I am baffled as I have followed every HowTo and FAQ on line to get TLS
working, and it just refuses to work on the LDAP server.

Here is what I have done thus far. I create a very basic LDIF with just my
base organization and an admin user. If I query LDAP using ldapsearch I get
back what I would expect to see from what I added using my LDIF. Fine. 

So now I want to get TLS working. I create a certificate using the
following:

openssl req -new -x509 -nodes \
-out slapdcert.pem -keyout slapdkey.pem \
-days 365

This create my certificates and I add the following lines to my slapd.conf
and restart slapd.

TLSCipherSuite  HIGH
TLSCertificateFile      /etc/openldap/slapdcert.pem
TLSCertificateKeyFile   /etc/openldap/slapdkey.pem

I go back to do an ldapsearch the only change being ldap://localhost/ to
ldaps://localhost/ and I get an error message:

Ldap_bind: Can't contact LDAP server (-1)
	Additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Now I have checked to be 100% certain that I have the right CN in the
certificate and that I can to forward and reverse DNS properly. So what have
I missed? The funny thing is, TLS works fine from a remote host, but not on
the server itself. I tried changing localhost to the actual DNS name of the
server, but still I get the same error.

Thanks for your help!




________________________________________
Chip Burke