[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_start_tls: Can't contact LDAP server

To: Howard Chu <hyc@highlandsun.com>
Subject: Re: ldap_start_tls: Can't contact LDAP server
From: Justin Wood <justin@flipdog.com>
Date: Mon, 22 Apr 2002 11:03:06 -0600
Cc: openldap-software@OpenLDAP.org
Organization: FlipDog.com
References: <NMEFLNHODBAOPDKNNJALAEIACLAA.hyc@highlandsun.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020310

That's what I've got. I created a CA cert, then a server certificate for *.flipdog.com which is signed by the CA cert. That's all I have.

-Justin.

Howard Chu wrote:

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Justin Wood

openssl s_client -connect ldapmaster.flipdog.com:636, and it seems to
see the cert, but I get a response I'm not sure of.  Along with
reporting the certificate it found, I see the following.

verify error:num=19:self signed certificate in certificate chain

Can anyone shed some light on this for me?

I believe this means you have more than one self-signed certificate in your
certificate chain. This shouldn't happen; you should have one root-level
Certificate Authority that has a self-signed cert, and then all other
(lower) certificates in a chain should be signed by a superior CA.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-- ---------------------------------------------------------- Justin Wood justin@flipdog.com Systems Administrator FlipDog.com http://www.flipdog.com/ ----------------------------------------------------------

References:
- RE: ldap_start_tls: Can't contact LDAP server
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: problems adding
Next by Date: RE: ldapsearch TLS error
Index(es):
- Chronological
- Thread