
Re: Trouble with SSL certs



Josh M. Hurd wrote:
I have created a set of self signed certs for my master and a slave.
Clients can connect to either with the cert installed on the client, but I am having trouble getting them to talk to each other over TLS.
I want the master to replicate to the slave over TLS but can't get it to work. Strangely I have it working the other way; the slave can bind to the master over TLS but the master cannot bind to the slave.
I have TLS_CACERTDIR set correctly with the certs installed in that location (with symlinks being created) but I am still getting the self signed cert error when trying to bind.


Debug output:

TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: ........
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


What if you add

TLS_REQCERT allow

to /etc/ldap.conf or /etc/openldap/ldap.conf
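Before reaching for TLS_REQCERT allow, which makes the client carry on even when the server certificate fails to verify (see ldap.conf(5)), it is worth confirming that the directory named in TLS_CACERTDIR really contains the slave's certificate under the hashed file name OpenSSL looks up. The checks below are an added example, not part of the thread; they assume the openssl command-line tool is installed and use a constructed self-signed certificate (CN slave.example.test) as a stand-in for the slave's.

```shell
#!/bin/sh
# Checks for an OpenLDAP TLS_CACERTDIR: does the directory hold the CA (or
# self-signed server) certificate under the <subject_hash>.N name that OpenSSL
# looks up, and does the server certificate verify against the directory?
# Added example for this thread; it assumes the openssl CLI is installed.

# Print the hashed file names OpenSSL may look for: the OpenSSL 1.0+ subject
# hash and, where supported, the pre-1.0 hash (the two differ, so a directory
# hashed by an older c_rehash can silently stop matching after an upgrade).
expected_links() {
    openssl x509 -in "$1" -noout -subject_hash
    openssl x509 -in "$1" -noout -subject_hash_old 2>/dev/null || true
}

# Return 0 if CA dir $2 contains <hash>.0 for certificate $1 under either hash.
has_hash_link() {
    for h in $(expected_links "$1"); do
        [ -e "$2/$h.0" ] && return 0
    done
    return 1
}

# Create the hash link for PEM file $1 inside its own directory, the way
# c_rehash would (assumes no other cert in the dir shares the subject hash).
link_cert() {
    dir=$(dirname "$1")
    h=$(openssl x509 -in "$1" -noout -subject_hash)
    ln -sf "$(basename "$1")" "$dir/$h.0"
}

# Return 0 if server certificate $1 chains to something in CA dir $2, which is
# the lookup libldap performs when TLS_REQCERT is left at its default, demand.
verifies_with_cadir() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Constructed fixture: a throwaway self-signed certificate for a made-up
# replica host, standing in for the slave's certificate from the thread.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=slave.example.test" \
        -keyout "$1/slave.key" -out "$1/slave.pem" >/dev/null 2>&1
    echo "$1/slave.pem"
}
```

Run has_hash_link and verifies_with_cadir against the certificate the master fails to verify and the directory from TLS_CACERTDIR; if either fails, link_cert (or c_rehash) repairs the directory without loosening TLS_REQCERT.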