Re: unknown CA
ThierryW wrote:
I was having the same error (unknown CA). Like you wrote, I put
(TLS_CACERT /usr/local/openldap/etc/certs/CA_pubkey.pem) in ldap.conf, but
now I get a new error:
connection_read(14): unable to get TLS client DN error=49 id=6
Then it binds anonymously..?
Howard Chu wrote:
I have just this afternoon committed the support for the TLSCACertPath.
If you pull the latest version of libldap/tls.c from CVS you'll get it.
(But in general, you are of course welcome to fix/write anything you wish.)
As for the unknown CA problem, you need to configure your LDAP clients to
use the certs as well. It looks like you have only configured slapd so far.
You probably need to add this
to your /usr/local/openldap/etc/ldap.conf file.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
From: Tarassov Vadim [mailto:Vadim.Tarassov@winterthur.ch]
Sent: Friday, June 14, 2002 4:31 AM
To: 'Howard Chu'; Tarassov Vadim; OpenLDAP-software@OpenLDAP.org
Subject: AW: unknown CA
Do you mind if I fix it? And look, I believe there is something wrong
with openldap 2.1.2, openssl 1.9.6d if built together on solaris 2.6
with forte 6 update 1. I was struggling for a few hours with those
fancy error messages I've described before, but could not find
anything besides the fact that s_client and s_server do work well
with the same certificates. Thus, I will have to investigate this
problem. I will inform you regardless of whether I have success or not.
Cheers, Vadim Tarassov.
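
The client-side check discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: it reads a client ldap.conf and reports whether TLS_CACERT (or its directory counterpart TLS_CACERTDIR) names a usable CA. The function names and return codes are hypothetical, and it only checks that the file is readable and carries a PEM certificate header, not that the CA actually signed the server certificate.

```shell
#!/bin/sh
# Return codes (this example's own convention):
#   0 = TLS_CACERT or TLS_CACERTDIR is set and the path is usable
#   1 = neither option is set, so the client has no CA to verify slapd against
#   2 = an option is set but the path is missing, unreadable, or not PEM

# Print the value of option $2 in file $1. Option names in ldap.conf are
# case-insensitive and '#' starts a comment line. If the option is repeated,
# this reports the last occurrence (an assumption about precedence).
ldapconf_get() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(opt) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

check_ldap_client_ca() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: cannot read"; return 2; }
    cafile=$(ldapconf_get "$conf" TLS_CACERT)
    cadir=$(ldapconf_get "$conf" TLS_CACERTDIR)
    if [ -z "$cafile" ] && [ -z "$cadir" ]; then
        echo "$conf: no TLS_CACERT or TLS_CACERTDIR set"
        return 1
    fi
    if [ -n "$cafile" ] && [ -r "$cafile" ] &&
       grep -q -- '-----BEGIN CERTIFICATE-----' "$cafile"; then
        echo "TLS_CACERT $cafile: readable PEM certificate"
        return 0
    fi
    if [ -n "$cadir" ] && [ -d "$cadir" ] && [ -r "$cadir" ]; then
        echo "TLS_CACERTDIR $cadir: readable directory"
        return 0
    fi
    echo "$conf: CA path set but unusable (file=$cafile dir=$cadir)"
    return 2
}

# Stand-alone use: sh thisfile /usr/local/openldap/etc/ldap.conf
if [ "$#" -gt 0 ]; then
    check_ldap_client_ca "$1"
fi
```

A result of 0 here still leaves chain validation to the TLS library; it only rules out the missing-configuration case.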