Re: SSL3 alert read:warning:bad certificate

On Tue, 24.08.2004 at 15:42, Artur Kokoszka wrote:

> When I use:
> openssl s_server -accept 636 -cert /etc/ldap/ldapcert.pem -key /etc/ldap/ldapkey.pem
> and then
> openssl s_client -connect ldap.example.com:636 -showcerts -state -CAfile /etc/ldap/cacert.pem
> all is OK. There are no errors.
> But when I start slapd with configuration:
> TLSCertificateFile /etc/ldap/ldapcert.pem
> TLSCertificateKeyFile /etc/ldap/ldapkey.pem
> TLSCACertificateFile /etc/ldap/cacert.pem
> TLSVerifyClient 0 (or never)
> There is a string:
> SSL3 alert read:warning:bad certificate - full listing below
> Maybe it is still OK (I'm not sure - ldapsearch with TLS works well). But
> when I try to authenticate users, it is not possible. All the time
> I've got messages that:
> No client certificate CA names sent

Since properly made certificates work for me (on several sites) and 1000
others with the above parameters, we have to look somewhere else.

As what user are you running 'openssl s_client' and 'ldapsearch'? As
what user are you running slapd? What are the permissions on
/etc/ldap/cacert.pem and the two other certs?
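
Added example, not part of the original message: a Python check for what these questions point at, namely whether the account slapd runs as can read the three TLS files from the quoted configuration and traverse every directory above them. The function names are hypothetical, and only classic owner/group/other mode bits are evaluated (no ACLs, SELinux or AppArmor).

```python
import os
import pwd
import stat
import sys

# Paths from the slapd configuration quoted in the thread.
TLS_FILES = ["/etc/ldap/ldapcert.pem", "/etc/ldap/ldapkey.pem", "/etc/ldap/cacert.pem"]

def can_read(path, uid, gids):
    """Return (ok, reason): may uid/gids read path according to Unix mode bits?

    Raises OSError if a path component is missing or cannot be stat()ed.
    """
    target = os.path.realpath(path)
    chain = [target]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):  # walk from / down to the file
        st = os.stat(p)
        if uid == 0:
            continue  # root is not limited by mode bits
        need = 4 if p == target else 1  # r on the file, x on each directory
        if st.st_uid == uid:
            bits = (st.st_mode >> 6) & 7
        elif st.st_gid in gids:
            bits = (st.st_mode >> 3) & 7
        else:
            bits = st.st_mode & 7
        if not bits & need:
            return False, f"{p} ({stat.filemode(st.st_mode)}) blocks uid {uid}"
    return True, "readable"

def audit(user, paths=TLS_FILES):
    """Check every TLS file for the named account; returns {path: (ok, reason)}."""
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    results = {}
    for path in paths:
        try:
            results[path] = can_read(path, pw.pw_uid, gids)
        except OSError as exc:
            results[path] = (False, f"{path}: {exc.strerror}")
    return results

if __name__ == "__main__":
    # Argument: the account slapd runs as (an assumption; it differs per system).
    for path, (ok, reason) in audit(sys.argv[1]).items():
        print("OK  " if ok else "FAIL", path, "-", reason)
```

Running it once for the slapd account and once for the account used for `openssl s_client` and `ldapsearch` shows whether the two differ in what they can read.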



