[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_start_tls: Can't contact LDAP server

That's what I've got. I created a CA cert, then a server certificate for *.flipdog.com which is signed by the CA cert. That's all I have.


Howard Chu wrote:
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Justin Wood

openssl s_client -connect ldapmaster.flipdog.com:636, and it seems to
see the cert, but I get a response I'm not sure of.  Along with
reporting the certificate it found, I see the following.

verify error:num=19:self signed certificate in certificate chain

Can anyone shed some light on this for me?

I believe this means you have more than one self-signed certificate in your
certificate chain. This shouldn't happen; you should have one root-level
Certificate Authority that has a self-signed cert, and then all other
(lower) certificates in a chain should be signed by a superior CA.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Justin Wood justin@flipdog.com
Systems Administrator
FlipDog.com http://www.flipdog.com/