
Re: Trying to get TLS Working



Thank you for your reply, Howard.

On Sep 27, 2004, at 4:25 PM, Howard Chu wrote:

> Run ldapsearch with debugging enabled. There are a variety of reasons this may be failing, but without the debug info it's impossible to say.

Quite so. This seems to be the important part:

TLS certificate verification: depth: 1, err: 19, subject: /C=US/ST=Oregon/L=Portland/O=Example, Inc./OU=Example/CN=Example CA/emailAddress=www@example.com, issuer: /C=US/ST=Oregon/L=Portland/O=Example, Inc./OU=Example/CN=Example CA/emailAddress=www@example.com
TLS certificate verification: Error, self signed certificate in certificate chain
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.


If I'm reading this right, it thinks that the server and CA certs have the same CN, though I could have sworn I created them with different CNs...

> Also, you didn't mention whether you've configured your ldap.conf properly. I will assume since you didn't mention it that you haven't configured it, and this obviously must be done first.

Quite so. I hadn't even noticed it. I only saw instructions for editing an ldap.conf used by pam and nis, neither of which I'm using at this point. I'll take a look at its man page and see what it says.


Thanks,

David
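An added example, not part of this thread, that reproduces the failure in the trace above with openssl using a throwaway CA and server certificate built on the spot: the depth-1 entry whose subject equals its issuer is the self-signed CA itself, and verification returns the same error 19 until the client is told to trust that CA, which is what TLS_CACERT in ldap.conf does. It assumes a POSIX sh and openssl 1.1 or later; the subjects are constructed to mirror the trace.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce "err: 19, self signed
# certificate in certificate chain" with openssl and constructed certs.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CA_SUBJ="/C=US/O=Example, Inc./CN=Example CA"        # constructed, mirrors trace
SRV_SUBJ="/C=US/O=Example, Inc./CN=ldap.example.com" # constructed

# Build a self-signed CA and a server certificate issued by it.
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$CA_SUBJ" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "$SRV_SUBJ" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -set_serial 1 -out "$WORK/srv.pem" 2>/dev/null
}

# A self-signed CA has subject == issuer. That is exactly what the depth-1
# line in the ldapsearch trace shows: it is the CA cert, not the server cert.
ca_is_self_signed() {
    subj=$(openssl x509 -in "$WORK/ca.pem" -noout -subject)
    iss=$(openssl x509 -in "$WORK/ca.pem" -noout -issuer)
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# Verify the server cert the way a client with no configured CA does: the CA
# arrives in the chain (-untrusted) but nothing in the trust store anchors
# it. Prints the X509 verify error number (19 expected) or "ok".
verify_without_ca() {
    out=$(openssl verify -no-CApath -no-CAfile -untrusted "$WORK/ca.pem" \
        "$WORK/srv.pem" 2>&1) && { echo ok; return; }
    echo "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1
}

# Same chain, but the client trusts the CA (the effect of TLS_CACERT).
verify_with_ca() {
    openssl verify -no-CApath -no-CAfile -CAfile "$WORK/ca.pem" \
        "$WORK/srv.pem" >/dev/null 2>&1 && echo ok || echo fail
}

make_certs
echo "CA self-signed:     $(ca_is_self_signed && echo yes || echo no)"
echo "without CA trusted: err $(verify_without_ca)"
echo "with CA trusted:    $(verify_with_ca)"
```

The same error 19 appears in the ldapsearch trace because the client has not been given the CA to trust, not because the server and CA share a name.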