
Tls/ssl issue



Hi,
I just finished the TLS/SSL, but the test failed. The client and server
are on the same machine. I did not see any error messages during the
CA server/client issuing process.

[root@accounts openldap]# openssl s_client -connect localhost:636 -showcerts
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Thousand Oaks/O=California Lutheran University/OU=ISS/CN=accounts.clunet.edu/emailAddress=codywang@clunet.edu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Thousand Oaks/O=California Lutheran University/OU=ISS/CN=accounts.clunet.edu/emailAddress=codywang@clunet.edu
verify error:num=21:unable to verify the first certificate
verify return:1
11712:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1037:SSL alert number 40
11712:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:


In slapd.conf

##SSL/TLS options for slapd
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSVerifyClient demand

In ldap.conf
TLS_CACERT /usr/local/etc/openldap/cacert.pem
TLS_REQCERT demand



Cody Wang