The client *is* configured (ldap.conf):

....
TLS_CACERT /usr/local/etc/openldapcacert/cacert.pem
TLS_REQCERT never
...

The server is configured (slapd.conf):

...
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/server.cert
TLSCertificateKeyFile /usr/local/etc/openldap/server.key
TLSVerifyClient never
.....

Attached is the output of the server, indicating that the CA is still "unknown". I've tried every combination of client/server configurations I can think of, and still get the same thing. I'm not sure what I'm missing here.

Thanks
Dennis

(See attached file: server.out)


Howard Chu <hyc@symas.com>
Sent by: owner-openldap-software@OpenLDAP.org
To: Dennis.Hoffman@seagate.com
cc: openldap-software@OpenLDAP.org
Subject: Re: TLS question
09/29/2006 08:24 PM

Dennis.Hoffman@seagate.com wrote:
> Hello:
>
> I am trying to get TLS working on openldap-2.3.20. When I initiate a
> search, the debug info at the server indicates "unknown_ca". According to
> RFC 2246, this means that the "CA certificate could not be located or
> couldn't be matched with a known, trusted CA". My question: Isn't the
> slapd.conf "TLSCACertificateFile" directive what tells slapd which CA to
> trust? If so, why isn't it working?

See the Admin Guide http://www.openldap.org/doc/admin23/tls.html

You need to configure the client.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
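As an added check that is not part of this thread and not OpenLDAP code: a small lint that parses the ldap.conf and slapd.conf fragments quoted above (embedded here as constructed samples), matching directive names case-insensitively the way slapd and libldap do, and reports the things worth confirming when a TLS handshake ends in an unknown_ca alert: whether the client's TLS_CACERT path is set and whether it points at the same CA file the server uses, plus the weak settings (TLS_REQCERT never, +SSLv2) in the quoted configuration.

```python
import os
from typing import Dict, List

# Constructed samples: the two fragments quoted in the thread above.
CLIENT_LDAP_CONF = """
TLS_CACERT /usr/local/etc/openldapcacert/cacert.pem
TLS_REQCERT never
"""

SERVER_SLAPD_CONF = """
TLSCipherSuite HIGH:MEDIUM:+TLSv1:+SSLv2
TLSCACertificateFile /usr/local/etc/openldap/cacert/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/server.cert
TLSCertificateKeyFile /usr/local/etc/openldap/server.key
TLSVerifyClient never
"""


def parse_directives(text: str) -> Dict[str, str]:
    """Map 'Directive value' lines to {directive_lower: value}.
    Keys are lower-cased because slapd.conf / ldap.conf directive
    names are matched case-insensitively; comments and blanks are skipped."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        out[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return out


def lint_tls(client: Dict[str, str], server: Dict[str, str]) -> List[str]:
    """Return human-readable findings about the client/server TLS settings."""
    findings: List[str] = []
    c_ca = client.get("tls_cacert")
    s_ca = server.get("tlscacertificatefile")
    if not c_ca:
        findings.append("client: TLS_CACERT not set; the client has no CA to verify the server against")
    elif s_ca and c_ca != s_ca:
        # Different paths are legitimate only if both files hold the issuing CA.
        findings.append(f"client/server CA paths differ: {c_ca} vs {s_ca}; confirm both contain the issuing CA")
    if c_ca and not os.path.exists(c_ca):
        pass  # on a live host, report a missing TLS_CACERT file here; samples are paths only
    if client.get("tls_reqcert", "demand").lower() == "never":
        findings.append("client: TLS_REQCERT never disables server certificate verification")
    if "sslv2" in server.get("tlsciphersuite", "").lower():
        findings.append("server: TLSCipherSuite enables SSLv2 ciphers; remove +SSLv2")
    return findings


if __name__ == "__main__":
    for f in lint_tls(parse_directives(CLIENT_LDAP_CONF), parse_directives(SERVER_SLAPD_CONF)):
        print(f)
```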