[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL problem - unsupported certificate

To: openldap-software@openldap.org
Subject: Re: TLS/SSL problem - unsupported certificate
From: Howard Chu <hyc@symas.com>
Date: Wed, 11 Apr 2007 06:35:29 -0700
In-reply-to: <461C9F21.5010007@hetnet.nl>
References: <b29e0c790704100820y315af7abo956846e47f10f637@mail.gmail.com> <461C57B9.8040707@hetnet.nl> <461C7C2D.1080500@symas.com> <461C9F21.5010007@hetnet.nl>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a4pre) Gecko/20070409 SeaMonkey/1.5a

Tony Earnshaw wrote:

Howard Chu wrote, on 11. apr 2007 08:11:
[...]
So, if the goal is to use certificate-based authentication, then the solution is to generate a proper certificate without any usage restrictions on it, or one that says it can be used for client authentication.

If the goal isn't to use certificate-based authentication, then some of your advice is correct.
It seemed to me that OP was simply trying to establish an encrypted connection, as so many have done in the past and slapd was barfing on a missing client cert.

The error message pretty clearly says the certificate is unsupported. That's quite different from saying the certificate is missing. Ignoring the error message will generally lead you down a lot of dead ends...

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/

References:
- TLS/SSL problem - unsupported certificate
  - From: "Antonio Camacho" <antcam@gmail.com>
- Re: TLS/SSL problem - unsupported certificate
  - From: Tony Earnshaw <tonni@hetnet.nl>
- Re: TLS/SSL problem - unsupported certificate
  - From: Howard Chu <hyc@symas.com>
- Re: TLS/SSL problem - unsupported certificate
  - From: Tony Earnshaw <tonni@hetnet.nl>

Prev by Date: RE: Ldapsearch on multiple attributes
Next by Date: Re: Ldapsearch on multiple attributes
Index(es):
- Chronological
- Thread