TLS certificates
- To: openldap-technical@openldap.org
- Subject: TLS certificates
- From: Matthew Edlefsen <matt.edlefsen@gmail.com>
- Date: Fri, 12 Jun 2009 15:59:29 -0400
Hello, I'm trying to get TLS set up with OpenLDAP and am having some
issues. I have a CA-signed certificate (not self-signed) and have
created a chain with my CA cert and the root CA cert. I've verified
that it works with openssl verify -CAfile on both the client and
server but then when I try to connect using ldaps I get the following
error on the client:
TLS certificate verification: depth: 2, err: 19, subject:
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root, issuer: /C=SE/O=AddTrust AB/OU=AddTrust External TTP
Network/CN=AddTrust External CA Root
TLS certificate verification: Error, self signed certificate in
certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
I assume it's saying that the root CA is self signed, but if I don't
include it in the chain it says it can't trust the CA.
Anybody have any ideas?
Thanks,
Matt Edlefsen
Earlham Computing Services
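The "err: 19" in the trace above is OpenSSL's X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: the chain the server presented could be followed up to a self-signed certificate (here at depth 2, the AddTrust root), but that self-signed certificate is not in the trust store the client is verifying against. Note that `openssl verify -CAfile` treats the named file as the trust store, whereas an OpenLDAP client verifies against the file named by TLS_CACERT in ldap.conf (or the LDAPTLS_CACERT environment variable), so the two checks only agree if both files contain the root. The script below is an added example, not code from the original post or from OpenLDAP: it builds a constructed three-level PKI (root, intermediate, server; every name is made up), reproduces error 19 at depth 2 against a trust store that lacks the root, and then shows the same chain verifying once the root is trusted. The `-untrusted chain.pem` argument stands in for the certificates a server sends during the handshake.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenLDAP: reproduce
# OpenSSL verify error 19 (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, "self signed
# certificate in certificate chain") with a constructed three-level PKI, then
# show the same chain verifying once the self-signed root is in the trust
# store. All names (Example Root CA, Example Intermediate CA, Unrelated CA,
# ldap.example.org) are made up for this example.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal req config so the script does not depend on the system openssl.cnf.
cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:ldap.example.org\n' > server.ext

# issue <name> <subject> <ca-name> <ext-file>: make a key and CSR for the
# subject, then sign the CSR with the named CA's certificate and key.
issue() {
  openssl req -new -config req.cnf -newkey rsa:2048 -nodes -keyout "$1.key" \
    -out "$1.csr" -subj "$2" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -out "$1.pem" -days 30 -extfile "$4" 2>/dev/null
}

# Constructed PKI: self-signed root -> intermediate -> server certificate, plus
# an unrelated self-signed cert standing in for a trust store without the root.
openssl req -x509 -config req.cnf -newkey rsa:2048 -nodes -keyout root.key \
  -out root.pem -days 30 -subj "/O=Example/CN=Example Root CA" 2>/dev/null
openssl req -x509 -config req.cnf -newkey rsa:2048 -nodes -keyout other.key \
  -out other.pem -days 30 -subj "/O=Example/CN=Unrelated CA" 2>/dev/null
issue inter "/O=Example/CN=Example Intermediate CA" root ca.ext
issue server "/CN=ldap.example.org" inter server.ext

# What a server configured with a full chain sends alongside its own cert:
# the intermediate and the self-signed root.
cat inter.pem root.pem > chain.pem

# verify_status <trusted-ca-file>: verify server.pem the way a client would,
# trusting only the certificates in the given file and treating chain.pem as
# the untrusted certificates presented by the server. Prints "ok" on success
# or "error <code> at <depth> depth" (OpenSSL's own wording) on failure.
verify_status() {
  out=$(openssl verify -CAfile "$1" -untrusted chain.pem server.pem 2>&1) || true
  case $out in
    *": OK"*) echo ok ;;
    *) echo "$out" | grep -o 'error [0-9]* at [0-9]* depth' | head -n 1 ;;
  esac
}

# The client-side equivalent of the second call is an ldap.conf line such as
#   TLS_CACERT /etc/openldap/ca-chain.pem
# where that file contains the self-signed root (path is an assumption).
echo "trust store without the root: $(verify_status other.pem)"
echo "trust store with the root:    $(verify_status root.pem)"
```

The first call fails with "error 19 at 2 depth": depth 0 is the server certificate, depth 1 the intermediate, and depth 2 the self-signed root that the trust store does not contain. The second call, with the root trusted, reports OK. Adding the intermediate alone to the trust store does not help, because OpenSSL still needs to reach a trusted self-signed certificate unless partial-chain verification is explicitly enabled.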