
Re: TLS certificates

Matthew Edlefsen wrote:
> Hello, I'm trying to get TLS set up with openldap and am having some
> issues.  I have a CA signed certificate (not self-signed) and have
> created a chain with my CA cert and the root CA cert.  I've verified
> that it works with openssl verify -CAfile on both the client and
> server but then when I try to connect using ldaps I get the following
> error on the client:
> 
> TLS certificate verification: depth: 2, err: 19, subject:
> /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
> External CA Root, issuer: /C=SE/O=AddTrust AB/OU=AddTrust External TTP
> Network/CN=AddTrust External CA Root
> TLS certificate verification: Error, self signed certificate in
> certificate chain
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect.
> 
> I assume it's saying that the root CA is self signed, but if I don't
> include it in the chain it says it can't trust the CA.

Could you please elaborate on how you configured TLS settings on your
LDAP client? I assume that your OpenLDAP build was linked to OpenSSL
libs. Is that right?

Ciao, Michael.
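As an added illustration (not part of this thread, and not OpenLDAP's own code), the following Python helper parses the client's "TLS certificate verification: depth: ..., err: ..." debug line quoted above and explains the OpenSSL verify code it carries. The sample log text is constructed from the lines in the post (the wrapped DN is joined onto one line); the mapping of "err:" values to meanings is OpenSSL's X509 verify result codes, and the suggested remedy names the standard ldap.conf options TLS_CACERT / TLS_CACERTDIR.

```python
import re
from dataclasses import dataclass

# Constructed sample: the OpenLDAP client debug output quoted in the post,
# with the mail-wrapped DN joined back onto a single line.
SAMPLE_LOG = """\
TLS certificate verification: depth: 2, err: 19, subject: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root, issuer: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS: can't connect.
"""

# OpenSSL X509 verify result codes as they appear in OpenLDAP's "err:" field.
# Only the codes that describe chain-building problems are listed here.
VERIFY_ERRORS = {
    2: "unable to get issuer certificate",
    18: "self signed certificate (the leaf itself is self-signed)",
    19: "self signed certificate in certificate chain (a root was reached but is not trusted)",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

LINE_RE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>.+?), issuer: (?P<issuer>.+)$"
)


@dataclass
class VerifyFailure:
    depth: int
    err: int
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        # A certificate whose subject equals its issuer is self-signed (a root).
        return self.subject == self.issuer


def parse_verify_log(text: str) -> list:
    """Extract every per-certificate verification failure from client debug output."""
    failures = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            failures.append(VerifyFailure(int(m["depth"]), int(m["err"]),
                                          m["subject"], m["issuer"]))
    return failures


def diagnose(f: VerifyFailure) -> str:
    """Turn one failure into a plain-language explanation and remedy."""
    meaning = VERIFY_ERRORS.get(f.err, f"OpenSSL verify error {f.err}")
    if f.err == 19 and f.self_signed:
        return (f"depth {f.depth}: {meaning}. The client walked the chain the server "
                "sent up to a self-signed root, but that root is not in the client's "
                "trusted CA store. Install the root CA on the client (ldap.conf "
                "TLS_CACERT or TLS_CACERTDIR); the server need not send it.")
    if f.err in (2, 20):
        return (f"depth {f.depth}: {meaning}. The chain stops at '{f.subject}', whose "
                f"issuer '{f.issuer}' was neither sent by the server nor found in the "
                "client's trusted CA store.")
    return f"depth {f.depth}: {meaning} (subject: {f.subject})"


if __name__ == "__main__":
    for failure in parse_verify_log(SAMPLE_LOG):
        print(diagnose(failure))
```

Running it on the sample text prints a single diagnosis for depth 2, err 19: the root sent by the server is recognised as self-signed but is missing from the client's trust anchors, which is the distinction between "a root in the chain" and "a root the client trusts" that the original poster is running into.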