[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to get TLS Working

David Wheeler wrote:

Hi All,

Pardon my newbie-ness. I'm setting up my new OpenLDAP server to authenticate for Subversion and, eventually other things (postfix, Bricolage, RT, etc.). But right now I'm running into trouble getting TLS to work, both with the ldap clients and with mod_auth_ldap/mod_ldap. Here's an example:

% ldapsearch -x -b 'dc=example,dc=com' -D "cn=admin,dc=example,dc=com" \
-h ldap.example.com -w password -ZZ '(objectclass=*)'
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I set up my certificates according to the instructions on this handy page:


And my slapd.conf TLS section look like this:


I've spent a lot f time Googling to try to figure this out, but haven't had much luck. Any kind suggestions would be greatly appreciated.

Run ldapsearch with debugging enabled. There are a variety of reasons this may be failing, but without the debug info it's impossible to say. Also, you didn't mention whether you've configured your ldap.conf properly. I will assume since you didn't mention it that you haven't configured it, and this obviously must be done first.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support