Re: Error in certificate



Hi,

François Beretti <francois.beretti@enatel.com> writes:

> Hello
>
> Today I installed a new server (under debian 3.0r1) with :
>  - openldap 2.1.22
>  - cyrus sasl 2.1.15 (libsasl2 package)
>  - openssl 0.9.7b
>
> I want to use TLS, so I made a new CA with openssl,
> then I created and signed a certificate for the slapd server, with an
> unencrypted key file
[...]
> but when I put the "-Z" option it doesn't work any more :
>
> 	debian-ldap:/etc/ldap# ldapsearch -Z -x
> 	ldap_start_tls: Connect error (91)
> 	        additional info: Error in the certificate.
> 	ldap_bind: Can't contact LDAP server (81)
> 	        additional info: Error in the certificate.
>
> My server certificate is valid :
> 	debian-ldap:/etc/ldap# openssl verify -CAfile /etc/ldap/ssl/ca-cert.pem
> etc/ldap/ssl/server-cert.pem
> 	/etc/ldap/ssl/server-cert.pem: OK

Did you put the hostname as dn into the server-cert.pem?
Did you do an ldapsearch with the appropriate hostname, which must be
identical to the dn in the certificate?

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
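
The check suggested in the reply above, as an added example that is not part of the original thread: it pulls the CN out of a subject line as printed by `openssl x509 -noout -subject -in /etc/ldap/ssl/server-cert.pem` and compares it with the names a client might connect with. The sample subject lines, the `example.com` names, the function names and the one-label wildcard rule are assumptions made for illustration.

```python
import re

# Constructed sample lines, in the two formats `openssl x509 -noout -subject`
# prints (older slash-separated form and newer comma-separated form).
OLD_STYLE = "subject= /C=FR/O=Example/CN=debian-ldap.example.com/emailAddress=root@example.com"
NEW_STYLE = "subject=C = FR, O = Example, CN = debian-ldap.example.com"


def subject_cn(subject_line):
    """Return the CN value from an openssl subject line, or None if absent."""
    m = re.search(r"(?:^|[/,=\s])CN\s*=\s*([^/,\n]+)", subject_line)
    return m.group(1).strip() if m else None


def name_matches(cert_name, host):
    """Case-insensitive comparison of a certificate name with the client's host name."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        # Assumption: a wildcard covers exactly one left-most label.
        label, _, rest = host.partition(".")
        return bool(label) and rest == cert_name[2:]
    return False


def check_hosts(subject_line, hosts):
    """Map each host name a client might use to whether it matches the CN."""
    cn = subject_cn(subject_line)
    return {h: bool(cn) and name_matches(cn, h) for h in hosts}


if __name__ == "__main__":
    # Names a client could end up using for the same server (constructed).
    candidates = ["localhost", "127.0.0.1", "debian-ldap", "debian-ldap.example.com"]
    for host, ok in check_hosts(OLD_STYLE, candidates).items():
        print(f"{host:28} {'match' if ok else 'MISMATCH: TLS verification fails'}")
```

A certificate can pass `openssl verify` against the CA and still fail here, because chain validation does not look at which host name the client used.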