
Re: SSL3 alert write:fatal:unknown CA
Pierre Burri wrote:

>Hi Kent,
>I looked in your excellent Document OpenLDAP_TLS_howto, also because Quanah
>Gibson-Mount mentioned it.
>
>In Chapter 7 Using TLS you give the following example:
>
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -H ldaps://myserver.com -W -ZZ
>
>I thought TLS was working on port 389 and only SSL was using ldaps://
>If that's true the command would be:
>
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -h myserver.com -W -ZZ
>
>Pierre

Good catch Pierre!

The command needs to have "ldap://" instead of "ldaps://".  Using ldaps://
with "-ZZ" will not enable a connection to the server.

I still prefer "-H <uri>" over "-h <host>" because the latter is
deprecated.

The doc is new and probably has a few more errors so I'll wait before
updating the document.  Thanks for catching it and thanks for the great
comment!

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone:   1-512-838-9216
e-mail:  dksoper@us.ibm.com
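As an added example (not from the thread or from the howto), a small POSIX shell check for the mix-up Pierre spotted: it rejects -Z/-ZZ (StartTLS) combined with an ldaps:// URI, since ldaps:// already negotiates TLS on connect, and warns about the deprecated -h <host> form. The function name and return codes are my own choices.

```shell
#!/bin/sh
# check_ldapsearch_args: lint an ldapsearch argument list before running it.
# Rules (from the thread):
#   - -Z/-ZZ means StartTLS on a plain ldap:// connection (port 389);
#     combining it with ldaps:// (TLS from the start, port 636) is an error.
#   - -h <host> is deprecated in favour of -H <uri>.
# Returns 0 when the arguments are consistent, 1 otherwise; reasons go to stderr.
check_ldapsearch_args() {
    uri=""; starttls=no; legacy_host=no
    while [ $# -gt 0 ]; do
        case "$1" in
            -H) uri="$2"; shift ;;        # -H <uri>
            -h) legacy_host=yes; shift ;; # -h <host> (deprecated)
            -Z|-ZZ) starttls=yes ;;       # request StartTLS (-ZZ: require it)
        esac
        shift
    done
    if [ "$legacy_host" = yes ]; then
        echo "warning: -h <host> is deprecated; use -H ldap://<host>" >&2
    fi
    case "$uri" in
        ldaps://*)
            if [ "$starttls" = yes ]; then
                echo "error: -Z/-ZZ (StartTLS) cannot be used with $uri; use ldap://" >&2
                return 1
            fi ;;
        ldap://*|"")
            if [ "$starttls" = no ]; then
                echo "warning: no -ZZ on ldap://; the bind goes over the wire in clear" >&2
            fi ;;
    esac
    return 0
}

# Example invocations (constructed; host and base DN are placeholders):
check_ldapsearch_args -x -b 'dc=myserver,dc=com' -H ldap://myserver.com -W -ZZ
check_ldapsearch_args -x -b 'dc=myserver,dc=com' -H ldaps://myserver.com -W -ZZ || echo "rejected as expected"
```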