Re: problem SSL authentication
Antonio Ruiz Martínez wrote:

I'm doing a search with ldapsearch. My server is configured in
order to do an SSL connection, but client authentication is not
necessary. However, when I execute the command

    ldapsearch -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL -D "cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ

It seems the server is requesting the user certificate because I'm
getting the following:

    ldap_start_tls: Can't contact LDAP server (81)
    additional info: error:14090086:SSL
    :certificate verify failed

Firstly, you can use -ZZ on port 389 *or* ldaps on port 636, but not both.
However, I would have expected to see an error something like ...

    ldap_start_tls: Operations error
    additional info: TLS already started

1) Is your server listening on ports 389 and/or 636?
2) Have you tested out your certificate(s) ...

    openssl s_client -connect micropeich.dif.um.es:636 -CApath ...

Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
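
An added example, not part of the original message or of OpenLDAP: a small shell function that classifies how an ldapsearch argument list requests TLS and flags the ldaps:// plus -ZZ combination discussed in the reply above. The function name classify_ldap_tls, its output tokens and the subset of value-taking options it recognises are assumptions made for this example.

```shell
# Added example: classify how an ldapsearch-style argument list asks for TLS.
# Prints one token: conflict | ldaps | starttls | starttls-optional | plaintext | unknown
# The function name and the tokens are hypothetical, chosen for this example.
classify_ldap_tls() (
    uri="" starttls=none want=""
    for arg in "$@"; do
        if [ -n "$want" ]; then            # this word is the value of the previous option
            if [ "$want" = uri ]; then uri=$arg; fi
            want=""
            continue
        fi
        case "$arg" in
            -H)   want=uri ;;              # LDAP URI follows as the next word
            -H?*) uri=${arg#-H} ;;         # attached form, e.g. -Hldaps://host
            -b|-D|-w|-y|-s|-l|-z|-f|-o) want=skip ;;  # options that take a value (subset)
            -ZZ)  starttls=required ;;     # StartTLS must succeed
            -Z)   starttls=optional ;;     # StartTLS attempted, failure tolerated
        esac
    done
    case "$uri" in
        ldaps://*)   scheme=ldaps ;;       # TLS from the first byte, port 636 by default
        ldap://*|"") scheme=ldap ;;        # cleartext start, port 389 by default
        *)           echo unknown; exit 0 ;;   # e.g. ldapi://, not covered here
    esac
    if [ "$scheme" = ldaps ]; then
        # ldaps:// already wraps the session in TLS, so StartTLS on top is the conflict
        if [ "$starttls" = none ]; then echo ldaps; else echo conflict; fi
    else
        case "$starttls" in
            required) echo starttls ;;
            optional) echo starttls-optional ;;
            *)        echo plaintext ;;    # a -D bind here would cross the wire unencrypted
        esac
    fi
)

# The command from the quoted message, then the two valid alternatives.
classify_ldap_tls -b "ou=USERS,o=ARM'S PKI,c=ES" -LLL \
    -D "cn=ARM,ou=USERS,o=ARM'S PKI,c=ES" -H ldaps://micropeich.dif.um.es -ZZ
classify_ldap_tls -H ldaps://micropeich.dif.um.es
classify_ldap_tls -H ldap://micropeich.dif.um.es -ZZ
```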