Re: TLS headache

Paolo Marini wrote:

Does your cert7.db know about your CA?
What does it mean ? what is cert7.db ?

Thank you

Paolo


My apologies - cert7.db is a Netscape db used with ssl (port 636).
The significant line in the output is surely this:

TLS trace: SSL3 alert write:fatal:unknown CA

which means that the client does not know about the signing authority.
Two things to try:

1) In slapd.conf try changing
TLSCipherSuite HIGH:MEDIUM:+SSLv2:
to
TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA:+TLSv1

2) From the client

/path/to/openssl s_client -connect <server name as in CN of cert>:636 -CApath /path/to/directory/containing/CAcert

Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956

References:
- Re: TLS headache
  - From: Kent Soper <dksoper@us.ibm.com>
- Re: TLS headache
  - From: "Paolo Marini" <paolom@prisma-eng.it>
- Re: TLS headache
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)
- Re: TLS headache
  - From: "Paolo Marini" <paolom@prisma-eng.it>