RE: TLS questions...
Yes, this has been done to death.
You need to tell the SSL client what CA certificates it should trust.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Peter Lavender
> Hi everyone,
>
> I know this has been done to death, but I'm really struggling to get
> ldaps to work on my system.
>
> Following various howtos and the like I have a CA, I have created a
> key and certificate for the ldap server, however it continues to fail
> on connection.
>
> Here is the output from a client connection:
>
> root@hppa/etc/ssl/CA # openssl s_client -connect ldap.sspl.net.au:636
> -showcerts
> CONNECTED(00000003)
> depth=1
> /O=HPPA/Email=plaven@bigpond.net.au/L=Wanniassa/ST=ACT/C=AU/CN=sspl
> Root CA
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 24994:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
>
>
> I haven't been able to find any info that I can use to help resolve
> this problem.
>
> Should I head over to the openssl mailing lists and ask this?
>
>
>
> Regards,
>
> Pete.
>
> :wq
>
>
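The failure in the quoted output and the fix named in the reply can be reproduced offline. This is an added example, not part of the original thread: it builds a throwaway CA and server certificate (all names, subjects and file paths are constructed) and verifies the same chain with and without the CA configured as a trust anchor, assuming an `openssl` command line recent enough that `verify` exits non-zero on failure.

```shell
#!/bin/sh
# Constructed demo: every subject, hostname and file name here is made up.

# make_pki DIR: create a throwaway root CA and a server certificate it signs.
make_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
O = Example
CN = Example Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -config "$d/ca.cnf" \
        -subj "/O=Example/CN=ldap.example.test" -newkey rsa:2048 -nodes \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -days 2 -CA "$d/ca.pem" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/srv.pem" 2>/dev/null
}

# verify_untrusted DIR: the root is only part of the presented chain, as when
# a server sends it in the handshake. The client has no reason to trust it.
verify_untrusted() {
    openssl verify -untrusted "$1/ca.pem" "$1/srv.pem" 2>&1
}

# verify_trusted DIR: same chain, but the client is told to trust the CA.
verify_trusted() {
    openssl verify -CAfile "$1/ca.pem" "$1/srv.pem" 2>&1
}

# Run both checks against a fresh temporary PKI.
tmp=$(mktemp -d) && make_pki "$tmp" || exit 1
echo "CA present in chain only:"
verify_untrusted "$tmp" || echo "(rejected: root is not a trust anchor)"
echo "CA configured as trusted:"
verify_trusted "$tmp"
rm -rf "$tmp"
```

For `openssl s_client` the trust anchor is given with `-CAfile`; OpenLDAP client tools read it from the `TLS_CACERT` option in ldap.conf.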