
self signed certificate



Hi list,
When using TLS, I get a message that I'm using a self-signed
certificate, as shown below:

# ldapsearch -x -d5 -b 'ou=Usuarios,dc=xx,dc=com,dc=br' -H ldaps://121.1.1.97/ '(objectclass=*)'
ldap_url_parse_ext(ldaps://121.1.1.97/)
ldap_create
ldap_url_parse_ext(ldaps://121.1.1.97:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 121.1.1.97:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 121.1.1.97:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=ldap.xx.com.br, issuer: -State/O=Internet Widgits Pty Ltd/CN=ldap.xx.com.br
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

My slapd.conf:

TLSRandFile             /dev/random
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /usr/local/etc/openldap/ssl/cert.crt
TLSCertificateKeyFile   /usr/local/etc/openldap/ssl/cert.key
TLSCACertificateFile    /usr/local/etc/openldap/ssl/cert.crt

My ldap.conf:
pam_login_attribute     uid
base dc=xxxx,dc=com,dc=br
uri ldap://127.0.0.1/
PORT   636
HOST   127.0.0.1
TLS_REQCERT    allow
TLS_CACERT     /usr/local/etc/openldap/ssl/cert.crt
TLS_CACERTDIR  /usr/local/etc/openldap/ssl

-- 
Márcio Luciano Donada <mdonada -at- auroraalimentos -dot- com -dot- br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
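
Added example (not part of the original post and not OpenLDAP code): a small Python review of the TLS-relevant lines from the two configuration excerpts quoted in the message above. The function names and finding identifiers are assumptions made for this example; the directive semantics follow slapd.conf(5) and ldap.conf(5).

```python
# TLS-relevant lines copied from the post above; everything else is this example's own.
SLAPD_CONF = """\
TLSCipherSuite          HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /usr/local/etc/openldap/ssl/cert.crt
TLSCertificateKeyFile   /usr/local/etc/openldap/ssl/cert.key
TLSCACertificateFile    /usr/local/etc/openldap/ssl/cert.crt
"""
LDAP_CONF = """\
uri ldap://127.0.0.1/
PORT   636
HOST   127.0.0.1
TLS_REQCERT    allow
TLS_CACERT     /usr/local/etc/openldap/ssl/cert.crt
TLS_CACERTDIR  /usr/local/etc/openldap/ssl
"""

def parse(text):
    """Map each 'keyword value' line to {keyword.lower(): value}; skip comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def audit_server(conf):
    findings = []
    # SSLv2 cipher suites are obsolete and should not be offered.
    if "sslv2" in conf.get("tlsciphersuite", "").lower():
        findings.append("cipher-sslv2")
    # Server certificate doubles as its own CA file: a self-signed setup,
    # so every client must be given this exact file as its trust anchor.
    cert = conf.get("tlscertificatefile")
    if cert and cert == conf.get("tlscacertificatefile"):
        findings.append("cert-is-own-ca")
    return findings

def audit_client(conf):
    findings = []
    # 'never' and 'allow' let the session proceed with a bad server certificate;
    # the libldap default is 'demand'.
    if conf.get("tls_reqcert", "demand").lower() in ("never", "allow"):
        findings.append("reqcert-not-enforced")
    # ldap:// is the plaintext scheme, while 636 is the ldaps port.
    if conf.get("uri", "").lower().startswith("ldap://") and conf.get("port") == "636":
        findings.append("ldap-scheme-with-ldaps-port")
    if "tls_cacert" not in conf and "tls_cacertdir" not in conf:
        findings.append("no-trust-anchor")
    return findings

if __name__ == "__main__":
    print("slapd.conf:", audit_server(parse(SLAPD_CONF)))
    print("ldap.conf: ", audit_client(parse(LDAP_CONF)))
```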