[Date Prev][Date Next]
Re: OpenLDAP 2.1.3 TLS: self signed certificate
Tuesday, July 23, 2002, 4:33:36 AM, you wrote:
AS> Not really finding the answer to this in the archives, so...
AS> I have a server certificate I've signed with my CA certificate, everything
AS> stored in PEM format. The certs work OK on my Apache mod_ssl server.
AS> I've added the configuration:
AS> TLSCertificateFile /opt/ldap/etc/denverops.quris.net.crt.pem
AS> TLSCertificateKeyFile /opt/ldap/etc/denverops.quris.net.key.pem
AS> TLSCACertificateFile /opt/apache/conf/ssl.crt/cacert.pem
AS> TLSVerifyClient never
AS> Running slurpd in debug mode, ultimately I see:
AS> TLS certificate verification: depth: 1, err: 19, subject:
AS> /Emailemail@example.com/CN=Quris, Inc. Certificate Authority/O=Quris,
AS> Inc./C=US/L=Denver, issuer: /Emailfirstname.lastname@example.org/CN=Quris, Inc.
AS> Certificate Authority/O=Quris, Inc./C=US/L=Denver
AS> TLS certificate verification: Error, self signed certificate in
AS> certificate chain
AS> What's wrong with a self-signed certificate?
Well, I guess nothing's wrong ;-) As long as slurpd concidered
`client', it's settings are in ldap.conf(5), not slapd.conf(5).
You should inform slurpd about your self-signed CA with TLS_CACERT.
Did You do that? And don't forget about the other TLS-related