Re: TLS configuration needs client certification (why?)
Frank Cornelissen wrote:
Why does slapd require a peer/client certificate? I'm running slapd 2.3.30 on
Debian (package 2.3.30-5 to be precise).
When connecting with ssl to slapd using
ldapsearch -H ldaps://artemis.t310.org -b dc=t310,dc=org -x
I get the following error from slapd (started with -d 8):
TLS: can't accept.
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
When connecting to the same host but with the ldap protocol (vs
ldaps) the search results correctly.
This error seems like somehow slapd wants to get a client certificate,
but I did not set slapd up that way. The ldap.conf on the client
machines only contains the CA certificate field:
relevant parts from slapd.conf (included in total at the end of
Uncomment the "TLSVerifyClient never" directive here to work around this problem.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
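
Added example, not part of the original thread or of OpenLDAP: a small shell check that reports what a slapd.conf-style file says about TLSVerifyClient, treating a commented-out directive as unset, which is the situation the reply above addresses. slapd.conf(5) documents "never" as the default level, but the function reports an unset directive separately so it can be set explicitly; the function names, the placeholder path and the choice to report the last uncommented occurrence are assumptions of this example.

```shell
#!/bin/sh
# tls_verify_client_level FILE
# Print the last uncommented TLSVerifyClient value found in FILE (lowercased),
# or "unset" when the directive is absent or only present as a comment.
# Directive keywords are matched case-insensitively.
tls_verify_client_level() {
    awk '
        /^[ \t]*#/ { next }    # a commented-out directive does not count
        tolower($1) == "tlsverifyclient" { level = tolower($2) }
        END { print (level == "" ? "unset" : level) }
    ' "$1"
}

# classify_client_cert_policy FILE
# Map the level to what a client without a certificate
# (e.g. ldapsearch -x over ldaps://) should expect.
classify_client_cert_policy() {
    case "$(tls_verify_client_level "$1")" in
        never)            echo "not-requested" ;;     # no client certificate requested
        allow|try)        echo "optional" ;;          # requested, but absence is tolerated
        demand|hard|true) echo "required" ;;          # handshake fails without a valid one
        unset)            echo "implicit-default" ;;  # relies on the build default
        *)                echo "unknown" ;;
    esac
}

# Constructed sample: the directive exists only as a comment, as in the thread.
sample=$(mktemp)
printf '%s\n' 'TLSCACertificateFile /path/to/ca.pem' \
              '#TLSVerifyClient never' > "$sample"
classify_client_cert_policy "$sample"   # prints implicit-default
rm -f "$sample"
```

A result of "implicit-default" on a server that rejects certificate-less ldaps:// clients points at the same fix given in the reply: make the "TLSVerifyClient never" line active.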