[Date Prev][Date Next]
I am baffled as I have followed every HowTo and FAQ on line to get TLS
working, and it just refuses to work on the LDAP server.
Here is what I have done thus far. I create a very basic LDIF with just my
base organization and an admin user. If I query LDAP using ldapsearch I get
back what I would expect to see from what I added using my LDIF. Fine.
So now I want to get TLS working. I create a certificate using the
openssl req -new -x509 -nodes \
-out slapdcert.pem -keyout slapdkey.pem \
This create my certificates and I add the following lines to my slapd.conf
and restart slapd.
I go back to do an ldapsearch the only change being ldap://localhost/ to
ldaps://localhost/ and I get an error message:
Ldap_bind: Can't contact LDAP server (-1)
Additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Now I have checked to be 100% certain that I have the right CN in the
certificate and that I can to forward and reverse DNS properly. So what have
I missed? The funny thing is, TLS works fine from a remote host, but not on
the server itself. I tried changing localhost to the actual DNS name of the
server, but still I get the same error.
Thanks for your help!