RE: TLS fails
>>The funny thing is, TLS works fine from a remote host, but not on the
server itself. I tried changing localhost to the actual DNS name of the
server, but still I get the same error.
Is the LDAP server an LDAP client? My understanding is it has to be an
LDAP client in order to make ldapsearch over TLS work.
-ran
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Chip Burke
Sent: Friday, February 03, 2006 12:08 PM
To: OpenLDAP-software@OpenLDAP.org
Subject: TLS fails
I am baffled, as I have followed every HowTo and FAQ online to get TLS
working, and it just refuses to work on the LDAP server.
Here is what I have done thus far. I create a very basic LDIF with just
my base organization and an admin user. If I query LDAP using ldapsearch
I get back what I would expect to see from what I added using my LDIF.
Fine.
So now I want to get TLS working. I create a certificate using the
following:
openssl req -new -x509 -nodes \
-out slapdcert.pem -keyout slapdkey.pem \
-days 365
This creates my certificate, and I add the following lines to my
slapd.conf and restart slapd.
TLSCipherSuite HIGH
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
I go back to do an ldapsearch, the only change being ldap://localhost/ to
ldaps://localhost/, and I get an error message:
Ldap_bind: Can't contact LDAP server (-1)
Additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Now I have checked to be 100% certain that I have the right CN in the
certificate and that I can do forward and reverse DNS properly. So what
have I missed? The funny thing is, TLS works fine from a remote host,
but not on the server itself. I tried changing localhost to the actual
DNS name of the server, but still I get the same error.
Thanks for your help!
________________________________________
Chip Burke
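An added example, not code from this thread or from OpenLDAP itself: a small Python model of how an OpenLDAP client decides whether to accept a server certificate, built from the client's ldap.conf TLS_* options (semantics as documented in ldap.conf(5)), the names carried in the certificate, and the host named in the ldaps:// URI. The certificate names, hostnames and ldap.conf lines below are constructed; a self-signed slapd certificate is only trusted when the client's TLS_CACERT (or TLS_CACERTDIR) points at it, and the connecting host name must match a SAN dNSName or, failing that, the CN.

```python
def parse_ldap_conf(text):
    """Return {OPTION: value} for the TLS_* lines of an ldap.conf / .ldaprc file."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) == 2 and parts[0].upper().startswith("TLS_"):
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def name_matches(pattern, host):
    """Case-insensitive match; a wildcard is allowed only as the whole leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return False

def cert_matches_host(subject_cn, san_dns, host):
    """SAN dNSNames take precedence; the subject CN is consulted only when there are none."""
    names = san_dns or [subject_cn]
    return any(name_matches(n, host) for n in names)

def predict(conf_text, issuer_trusted, subject_cn, san_dns, host):
    """Return (accepted, reason) for one ldapsearch against ldaps://<host>/.

    issuer_trusted: whether the certificate's issuer (the certificate itself, for a
    self-signed slapd cert) is present in the file/dir named by TLS_CACERT/TLS_CACERTDIR.
    This is a model of the documented behaviour, not a call into libldap."""
    opts = parse_ldap_conf(conf_text)
    reqcert = opts.get("TLS_REQCERT", "demand").lower()  # demand is the client default
    if reqcert in ("never", "allow"):
        # never: no certificate requested; allow: a bad certificate is ignored.
        # Both trade away protection against an impersonating server.
        return True, f"TLS_REQCERT {reqcert}: server certificate not verified"
    problems = []
    if not ("TLS_CACERT" in opts or "TLS_CACERTDIR" in opts):
        problems.append("no TLS_CACERT/TLS_CACERTDIR configured")
    elif not issuer_trusted:
        problems.append("issuer not in the configured CA file/dir")
    if not cert_matches_host(subject_cn, san_dns, host):
        problems.append(f"no SAN dNSName/CN matches {host!r}")
    if problems:
        return False, "certificate verify failed: " + "; ".join(problems)
    return True, "chain trusted and name matches"

if __name__ == "__main__":
    conf = "TLS_CACERT /etc/openldap/slapdcert.pem\n"  # constructed client config
    print(predict(conf, True, "ldap.example.org", [], "localhost"))
    print(predict(conf, True, "ldap.example.org", [], "ldap.example.org"))
```

Running it with the constructed config shows the connection to `localhost` rejected on name mismatch while the same certificate is accepted when the URI uses the name in its CN.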