[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS questions...

Yes, this has been done to death.
You need to tell the SSL client what CA certificates it should trust.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Peter Lavender

> Hi everyone,
> I know this has been done to death, but I'm really struggling to get
> ldaps to work on my system.
> Following various howtos and the like I have a CA, I have created a
> key and certificate for the ldap server, however it continues to fail
> on connection.
> Here is the output from a client connection:
> root@hppa/etc/ssl/CA # openssl s_client -connect ldap.sspl.net.au:636
> -showcerts
> CONNECTED(00000003)
> depth=1
> /O=HPPA/Email=plaven@bigpond.net.au/L=Wanniassa/ST=ACT/C=AU/CN=sspl
> Root CA
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 24994:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
> I haven't been able to find any info that I can use to help resolve
> this problem.
> Should I head over to the openssl mailing lists and ask this?
> Regards,
> Pete.
> :wq