Re: TLS question
Get a debug log on the client. Most likely you didn't set the ldap.conf
file that the client is actually using.
Note that getting the debug log on the server is not all that useful
here since it is *receiving* an "unknown CA" alert from the client; it
is the client that's complaining, not the server.
The client *is* configured - (ldap.conf):
The server is configured (slapd.conf):
Attached is the output of the server - indicating that the CA is still
"unknown". I've tried every combination of client/server configurations I
can think of, and still get the same thing - I'm not sure what I'm missing.
(See attached file: server.out)
I am trying to get TLS working on openldap-2.3.20. When I initiate a
search, the debug info at the server indicates "unknown_ca". According to
RFC 2246, this means that the "CA certificate could not be located or
couldn't be matched with a known, trusted CA". My question: Isn't the
slapd.conf "TLSCACertificateFile" directive what tells slapd which CA to
trust? If so, why isn't it working?
See the Admin Guide http://www.openldap.org/doc/admin23/tls.html
You need to configure the client.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
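
Added example, not part of the thread: a Python check for the point made above about the ldap.conf the client actually uses. It lists every file and LDAP* environment variable that ldap.conf(5) documents as a source of TLS_CACERT, TLS_CACERTDIR or TLS_REQCERT; the system-wide paths and all function names are assumptions, since the real system path is fixed at build time.

```python
import os

# Options from ldap.conf(5) that control which CAs the client trusts.
TLS_KEYS = ("TLS_CACERT", "TLS_CACERTDIR", "TLS_REQCERT")
# Assumed system-wide paths; the real one is fixed when libldap is built.
SYSTEM_CANDIDATES = ("/etc/openldap/ldap.conf", "/etc/ldap/ldap.conf",
                     "/usr/local/etc/openldap/ldap.conf")

def candidate_files(env, home, cwd, system=SYSTEM_CANDIDATES):
    """Config files a libldap client may read, as listed in ldap.conf(5)."""
    files = list(system)
    files += [os.path.join(home, "ldaprc"), os.path.join(home, ".ldaprc"),
              os.path.join(cwd, "ldaprc")]
    if env.get("LDAPCONF"):  # absolute, or relative to the working directory
        files.append(os.path.join(cwd, env["LDAPCONF"]))
    if env.get("LDAPRC"):    # basename looked up in $HOME and the cwd
        name = env["LDAPRC"]
        files += [os.path.join(home, name), os.path.join(home, "." + name),
                  os.path.join(cwd, name)]
    return files

def tls_settings(path):
    """Return {option: value} for the TLS trust options set in one file."""
    found = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                if parts[0].upper() in TLS_KEYS:
                    found[parts[0].upper()] = parts[1].strip()
    return found

def audit(env, home, cwd, system=SYSTEM_CANDIDATES):
    """List (source, option, value, path_exists) for every TLS setting found."""
    if "LDAPNOINIT" in env:  # disables all defaulting, files and environment
        return []
    report = []
    for path in candidate_files(env, home, cwd, system):
        if os.path.isfile(path):
            for key, value in tls_settings(path).items():
                exists = None if key == "TLS_REQCERT" else os.path.exists(value)
                report.append((path, key, value, exists))
    for key in TLS_KEYS:  # LDAP<option> environment variables
        value = env.get("LDAP" + key)
        if value:
            exists = None if key == "TLS_REQCERT" else os.path.exists(value)
            report.append(("env:LDAP" + key, key, value, exists))
    return report

if __name__ == "__main__":
    for row in audit(os.environ, os.path.expanduser("~"), os.getcwd()):
        print(row)
```

An empty result, or a TLS_CACERT entry whose file does not exist, means the client has no CA certificate to verify the server against.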