Re: Start TLS

--On December 14, 2007 12:16:04 PM +1100 Andy <theands@gmail.com> wrote:


I currently have an OpenLDAP installed on a Debian etch box. I have set up
a CA on the box and created the certificates and have ssl/tls working. I
have tested that ssl/tls is working by performing a search

# ldapsearch -x -W -D 'cn=admin,dc=test,dc=com' -H ldap://test.com -ZZ

This search operation returns me with the correct user.

When I try to perform a "startTLS" from another PC I receive the
following error

ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Can anyone help me solve this problem?

Make sure the client on the other PC has access to the CA cert. Otherwise, as it says, it can't verify the certificate being presented.
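
Added example, not part of the original thread: a shell script that reproduces the client-side certificate check with throwaway CAs, showing verification fail when the client lacks the signing CA and pass when it has it. The CA names, temporary paths and the cacert.pem location are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Constructed demo: CA names, subjects and file paths are made up.

# Create a throwaway CA named $2 and a server cert for test.com under $1.
make_demo_pki() {
    dir=$1; ca_name=$2
    mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$ca_name" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=test.com" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 1 -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.pem" 2>/dev/null
}

# Succeed only if certificate $2 chains to the CA file $1.
# Matches the "OK" line so the result does not depend on the exit status.
verify_with_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

run_demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp/site" "Demo Site CA" || return 1
    make_demo_pki "$tmp/other" "Unrelated CA" || return 1
    # Client without the signing CA: the same failure as in the post.
    verify_with_ca "$tmp/other/ca.pem" "$tmp/site/server.pem" \
        && echo "wrong CA: verified" || echo "wrong CA: certificate verify failed"
    # Client holding the CA that signed the server certificate.
    verify_with_ca "$tmp/site/ca.pem" "$tmp/site/server.pem" \
        && echo "right CA: verified" || echo "right CA: certificate verify failed"
    rm -rf "$tmp"
}
run_demo

# On the real client, copy only the CA certificate (never ca.key) and point
# libldap at it, e.g. in /etc/ldap/ldap.conf on Debian:
#   TLS_CACERT /etc/ldap/ssl/cacert.pem     # placeholder path
# or per invocation:
#   LDAPTLS_CACERT=/etc/ldap/ssl/cacert.pem ldapsearch -x -H ldap://test.com -ZZ
```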



