
Re: SSL handshake failure

Nathan Huesken wrote:
Hello together,

I am trying to enable TLS on my ldap server. I executed:
openssl req -config /etc/ssl/openssl.cnf -new -x509 -nodes -out /etc/ssl/ldap.pem -keyout /etc/openldap/ldap-key.pem -days 999999

and added:
TLSCertificateFile /etc/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap-key.pem
TLSVerifyClient demand

to my slapd.conf.
To my ldap.conf, I added:
TLS_CERT     /etc/ssl/ldap.pem
TLS_KEY      /etc/openldap/ldap-key.pem
TLS_REQCERT     allow

Re-read ldap.conf(5).

and tried
ldapsearch -x -b 'cn=Manager,dc=lonely-star,dc=org' '(objectclass=*)' -ZZ
to test it.

The result is:
ldap_start_tls: Connect error (-11)
		additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Any suggestions what the problem could be?

--
Howard Chu
Chief Architect, Symas Corp.       http://www.symas.com
Director, Highland Sun             http://highlandsun.com/hyc/
Chief Architect, OpenLDAP          http://www.openldap.org/project/
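The pointer to ldap.conf(5) concerns where TLS_CERT and TLS_KEY live: that manual page documents them as user-only options, honoured in ~/.ldaprc (or the file named by LDAPRC) and ignored in the system-wide ldap.conf, so if the lines above sit in the system-wide file the client presents no certificate, and a server configured with "TLSVerifyClient demand" is one source of exactly this handshake failure alert. The check below is added here and is not part of the thread; it lints a system-wide ldap.conf for those options and for a missing TLS_CACERT, using constructed sample files that mirror the configuration in the post and a corrected one.

```shell
#!/bin/sh
# Added example, not from the thread: lint a system-wide ldap.conf for
# TLS_CERT/TLS_KEY, which ldap.conf(5) documents as user-only options
# (honoured in ~/.ldaprc or $LDAPRC, silently ignored in the system file),
# and for a missing TLS_CACERT. A client with no usable cert config sends
# no client certificate, which a server running "TLSVerifyClient demand"
# rejects with a handshake failure alert.
# ldap.conf(5) user-only options relevant here (assumption: subset only).
USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# check_ldap_conf FILE: print one finding per line; prints nothing if clean.
check_ldap_conf() {
    file=$1
    has_cacert=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop comments
        set -- $line                # word-split: $1 = option keyword
        [ $# -gt 0 ] || continue
        key=$(printf '%s' "$1" | tr 'a-z' 'A-Z')   # options are case-insensitive
        for opt in $USER_ONLY_OPTS; do
            if [ "$key" = "$opt" ]; then
                printf 'user-only option %s is ignored in %s; move it to ~/.ldaprc\n' "$key" "$file"
            fi
        done
        if [ "$key" = "TLS_CACERT" ] || [ "$key" = "TLS_CACERTDIR" ]; then
            has_cacert=1
        fi
    done < "$file"
    if [ "$has_cacert" -eq 0 ]; then
        printf 'no TLS_CACERT/TLS_CACERTDIR in %s; the server certificate cannot be verified\n' "$file"
    fi
}

# Constructed samples: the layout from the thread, then a corrected one.
TMP=${TMPDIR:-/tmp}
BROKEN_CONF=$TMP/ldap.conf.broken.$$
FIXED_CONF=$TMP/ldap.conf.fixed.$$
cat > "$BROKEN_CONF" <<'EOF'
TLS_CERT     /etc/ssl/ldap.pem
TLS_KEY      /etc/openldap/ldap-key.pem
TLS_REQCERT  allow
EOF
# System-wide file keeps only the trust anchor (the self-signed server cert
# doubles as its own CA); TLS_CERT/TLS_KEY belong in the user's ~/.ldaprc.
cat > "$FIXED_CONF" <<'EOF'
TLS_CACERT   /etc/ssl/ldap.pem
TLS_REQCERT  demand
EOF
check_ldap_conf "$BROKEN_CONF"
check_ldap_conf "$FIXED_CONF"
```

The first call reports both user-only options and the missing trust anchor; the second prints nothing.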