Re: load balancer with SSL

On 4/24/06, Samuel Tran <stran@amnh.org> wrote:
> On Mon, 2006-04-24 at 10:55 -0400, Jeremiah Martell wrote:
> > I'm having some troubles with using SSL over an LDAP load balancer.
> > Without SSL everything works fine, but when I turn on SSL I get a
> > failure. But if I use SSL and bypass the load balancer and point
> > directly to an LDAP directory everything works fine again.
> >
> > Is there something tricky or special I need to know to get this to work?
> >
> Hi Jeremiah,
> What is the error message you got when trying to communicate with the
> LDAP load balancer over SSL? What DNS names did you use to contact the
> load balancer and each individual LDAP server? How did you create the
> SSL certificates for the LDAP servers?
> I suspect that you haven't created the SSL certificates for the LDAP
> servers with the 'SubjectAltName' field set to the DNS name of the load
> balancer.
> Hope this helps.
> Sam

I know the load balancer is set up properly because another LDAP client
can connect to it with SSL and do searches OK.

The error message I got was just "-1" unable to connect.

With my OpenLDAP client I have the TLS_REQCERT option set to "never"
in ldap.conf, so it shouldn't be a bad name in the certificate, right?

Using Ethereal it looks like a valid SSL session is initiated, but
then there's no SSL data traffic afterwards. I'm at a loss as to what
could be causing this. Any ideas on what to try or look for?


 - Jeremiah
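
Added example, not part of the original thread: the name check that the quoted reply refers to, sketched in Python. A client that verifies the server certificate compares the name it connected to (here the load balancer's) against the certificate's SubjectAltName DNS entries; the certificates below are dicts in the layout of ssl.SSLSocket.getpeercert(), and all host names are constructed.

```python
# Added example: hostname checking against a certificate's SubjectAltName.
# Certificates are dicts in the layout returned by ssl.SSLSocket.getpeercert();
# all host names below are constructed for illustration.

def cert_dns_names(cert):
    """Return the DNS names a client should match against.

    dNSName SubjectAltName entries take precedence; the subject CN is
    only a fallback when the certificate carries no dNSName entry.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covered(cert, host):
    """True if any name in the certificate matches the host the client dialled."""
    return any(name_matches(n, host) for n in cert_dns_names(cert))


def report(cert, hosts):
    """Map each name a client might connect to -> True if the cert covers it."""
    return {h: covered(cert, h) for h in hosts}


# Constructed certificates for one backend server.
BACKEND_ONLY = {
    "subject": ((("commonName", "ldap1.example.org"),),),
    "subjectAltName": (("DNS", "ldap1.example.org"),),
}
WITH_BALANCER = {
    "subject": ((("commonName", "ldap1.example.org"),),),
    "subjectAltName": (("DNS", "ldap1.example.org"),
                       ("DNS", "ldap.example.org")),   # load balancer name
}
HOSTS = ["ldap1.example.org", "ldap.example.org"]
```

report(BACKEND_ONLY, HOSTS) shows the backend name covered and the balancer name not, while WITH_BALANCER covers both.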