[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Error in certificate


François Beretti <francois.beretti@enatel.com> writes:

> Hello
> Today I installed a new server (under debian 3.0r1) with :
>  - openldap 2.1.22
>  - cyrus sasl 2.1.15 (libsasl2 package)
>  - openssl 0.9.7b
> I want to use TLS, so I made a new CA with openssl,
> then I created and signed a certificate for the slapd server, with an
> unencrypted key file
> but when I put the "-Z" option it doesn't work any more :
> 	debian-ldap:/etc/ldap# ldapsearch -Z -x
> 	ldap_start_tls: Connect error (91)
> 	        additional info: Error in the certificate.
> 	ldap_bind: Can't contact LDAP server (81)
> 	        additional info: Error in the certificate.
> My server certificate is valid :
> 	debian-ldap:/etc/ldap# openssl verify -CAfile /etc/ldap/ssl/ca-cert.pem
> etc/ldap/ssl/server-cert.pem
> 	/etc/ldap/ssl/server-cert.pem: OK

Did you put the hostname as dn into the server-cert.pem?
Did you do a ldapsearch with the apropriate hostname, which must be
identical to the dn in the certificate.


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de