TLS, unknown CA error (was RE: openldap 2.1.3 problems)

There are plenty of answers to this question already on this email list.

Whatever CA cert you configured in slapd.conf must also be configured on the
client, using the TLS_CACERT option in ldap.conf or your .ldaprc file. If you
didn't create an explicit CA cert and are just using a self-signed server
cert, then that cert must be configured on the client using the TLS_CACERT
option. Read the ldap.conf(5) man page for more info on this option.

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> alexlam@msolutions.com.hk

> Hi,
> I've got the same problem.
> But it seems related to the "ldapsearch".
> When I use the ldapsearch with version 2.0.23, it can provide TLS
> connection
> to slapd server with 2.1.3.
> Is it a bug with the ldapsearch with version 2.1.3?
> Thanks,
> Alex Lam
> ----- Original Message -----
> From: "Hardi Gunawan" <hardigunawan@inbox.lv>
> To: <openldap-software@OpenLDAP.org>

> > Hi
> >
> > I've some problem moving from openldap 2.0.23 to 2.1.3.
> >
> > 1)  I can't connect using TLS anymore (it works when I downgrade to 2.0.23)
> >
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:985
> >
> > Seems that quite a number of people are having the same problems.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
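The "unknown ca" alert is sent by the client when it cannot chain the server's certificate to anything it trusts, so the fix Howard describes is purely a client-side trust configuration: whatever slapd uses as TLSCACertificateFile (or, for a self-signed server, TLSCertificateFile itself) must be the file named by TLS_CACERT on the client. The script below is an added example written for this page; it is not OpenLDAP code and does not talk to any server. It parses a constructed slapd.conf and ldap.conf, resolves TLS_CACERT with the precedence ldap.conf(5) describes (ldap.conf, then the user's .ldaprc, then the LDAPTLS_CACERT environment variable, each overriding the previous) and reports whether the client's trust anchor is byte-for-byte the same file slapd is configured with. The PEM strings, paths and the `files` lookup table are constructed placeholders so the check runs offline; the return-code names are this example's own.

```python
"""Check that the CA slapd presents is the CA the LDAP client trusts.

This is the mismatch behind "tlsv1 alert unknown ca": slapd is configured
with one trust anchor (TLSCACertificateFile, or its own self-signed
TLSCertificateFile) and the client has no TLS_CACERT, or a different one.
Added example for the thread above; not part of OpenLDAP.
"""
import hashlib
import os


def parse_directives(text):
    """Parse slapd.conf / ldap.conf style 'NAME value' lines.

    Keys are lowercased, '#' comment lines and blank lines are skipped,
    and a later occurrence of a directive overrides an earlier one.
    """
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            out[parts[0].lower()] = parts[1].strip()
    return out


def client_tls_cacert(ldap_conf, ldaprc="", env=None):
    """Resolve TLS_CACERT the way ldap.conf(5) describes: the system
    ldap.conf first, then the user's .ldaprc, then the LDAPTLS_CACERT
    environment variable, each overriding the previous source."""
    env = os.environ if env is None else env
    value = parse_directives(ldap_conf).get("tls_cacert")
    value = parse_directives(ldaprc).get("tls_cacert", value)
    return env.get("LDAPTLS_CACERT", value)


def server_trust_anchor(slapd_conf):
    """The file the client must trust: TLSCACertificateFile if slapd has
    one, otherwise the server cert itself (Howard's self-signed case)."""
    d = parse_directives(slapd_conf)
    return d.get("tlscacertificatefile") or d.get("tlscertificatefile")


def _digest(path, files):
    """SHA-256 of a PEM file; `files` (path -> bytes) stands in for the
    filesystem so the example runs offline. None means unreadable."""
    if files is None:
        if not os.path.isfile(path):
            return None
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    data = files.get(path)
    return None if data is None else hashlib.sha256(data).hexdigest()


def check_ca_trust(slapd_conf, ldap_conf, ldaprc="", env=None, files=None):
    """Return 'ok', 'server-no-tls', 'client-missing-cacert',
    'cacert-unreadable' or 'ca-mismatch'. Comparing file contents rather
    than paths matters: the same path on two hosts need not hold the same CA."""
    anchor = server_trust_anchor(slapd_conf)
    if anchor is None:
        return "server-no-tls"
    cacert = client_tls_cacert(ldap_conf, ldaprc, env)
    if cacert is None:
        return "client-missing-cacert"
    anchor_digest, client_digest = _digest(anchor, files), _digest(cacert, files)
    if anchor_digest is None or client_digest is None:
        return "cacert-unreadable"
    return "ok" if anchor_digest == client_digest else "ca-mismatch"


# Constructed sample configs and placeholder PEM bytes (not real certificates).
SLAPD_CONF = """
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
"""
SLAPD_CONF_SELFSIGNED = """
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
"""
LDAP_CONF_BROKEN = "BASE dc=example,dc=com\nURI ldap://ldap.example.com\n"
LDAP_CONF_FIXED = LDAP_CONF_BROKEN + "TLS_CACERT /etc/openldap/cacert.pem\nTLS_REQCERT demand\n"
FILES = {
    "/etc/openldap/cacert.pem": b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n",
    "/etc/openldap/servercrt.pem": b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-SERVER\n-----END CERTIFICATE-----\n",
    "/home/alex/other-ca.pem": b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED-OTHER\n-----END CERTIFICATE-----\n",
}

if __name__ == "__main__":
    print("no TLS_CACERT:      ", check_ca_trust(SLAPD_CONF, LDAP_CONF_BROKEN, env={}, files=FILES))
    print("wrong CA via env:   ", check_ca_trust(SLAPD_CONF, LDAP_CONF_FIXED,
                                                env={"LDAPTLS_CACERT": "/home/alex/other-ca.pem"}, files=FILES))
    print("matching CA:        ", check_ca_trust(SLAPD_CONF, LDAP_CONF_FIXED, env={}, files=FILES))
    print("self-signed server: ", check_ca_trust(SLAPD_CONF_SELFSIGNED, LDAP_CONF_BROKEN,
                                                ldaprc="TLS_CACERT /etc/openldap/servercrt.pem", env={}, files=FILES))
```

Run against real files (pass `files=None`) it reads the paths from disk. Once the configs agree, `openssl verify -CAfile <TLS_CACERT file> <TLSCertificateFile>` on the client is the direct confirmation that the server cert chains to the CA the client trusts; if that fails, ldapsearch will keep sending the same alert.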