[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem SSL authentication

Antonio Ruiz Martínez wrote:

    I'm doing a search with ldapsearch. My server is configurated in
order to do a SSL connection but it is not necessary a client
authentication. However when I execute the command
ldapsearch -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL -D
"cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ

It seems the server is requesting the user certificate because I'm
getting the following:

ldap_start_tls: Can't contact LDAP server (81)
        additional info: error:14090086:SSL
:certificate verify failed

Firstly, you can use -ZZ on port 389 *or* ldaps on port 636, but not both. However, I would have expected to see an error something like ...

ldap_start_tls: Operations error
	additional info: TLS already started

1) Is your server listening on ports 389 and/or 636?
2) Have you tested out your certificate(s) ...

openssl s_client -connect micropeich.dif.um.es:636 -CApath ...

Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956