Re: TLS/SSL and self-signed certificates
Please stay on the mailing list.
Rick Stevens <email@example.com> writes:
> Dieter Kluenter wrote:
>> Rick Stevens <firstname.lastname@example.org> writes:
>>> I know this has been hashed over before, but I simply cannot get my
>>> LDAP clients to talk TLS/SSL to my LDAP server. I keep getting
>>> TLS certificate verification: Error, self signed certificate in
>>> certificate chain
>> This error may not be the culprit, if the error (or warning) is
>> referring to the CA.
>> What is the CN of the server certificate and what is the host part of
>> your search string?
> The CN of the server certificate is:
> The host part of the search is "-h bigdog.hci.com"
>> In order to debug the TLS session run ldapsearch with -d3 option.
> I never see it try to pick up the server's certificate, just the CA's
> and I see a "TLS trace: SSL3 alert write:fatal:unknown CA" error before
> it dies.
OK, could you please provide the TLS related entries of slapd.conf and
ldap.conf? It seems that the server is not providing a server
certificate but a CA.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6
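
An added example, not part of the original thread: a small check of the TLS-related entries that the reply asks for in slapd.conf and ldap.conf. The directive names are OpenLDAP's own; the sample file contents and paths are constructed, and treating an identical path for `TLSCACertificateFile` and `TLSCertificateFile` as "server offers the CA" is an assumption of this sketch.

```python
# OpenLDAP directive names; everything else here is illustrative.
SERVER_KEYS = ("TLSCACertificateFile", "TLSCertificateFile", "TLSCertificateKeyFile")
CLIENT_CA_KEYS = ("TLS_CACERT", "TLS_CACERTDIR")

def tls_entries(text):
    """Return {directive_lowercased: value} for TLS lines, skipping comments."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].upper().startswith("TLS"):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def check(slapd_conf, ldap_conf):
    """Return a list of findings for the two config texts."""
    srv, cli = tls_entries(slapd_conf), tls_entries(ldap_conf)
    findings = []
    for key in SERVER_KEYS:
        if not srv.get(key.lower()):
            findings.append(f"slapd.conf: {key} is not set")
    ca, cert = srv.get("tlscacertificatefile"), srv.get("tlscertificatefile")
    if ca and cert and ca == cert:
        # Heuristic (assumption): same path means the CA is offered as server cert.
        findings.append("slapd.conf: TLSCertificateFile is the CA file, so slapd "
                        "would offer the CA rather than a server certificate")
    if not any(cli.get(k.lower()) for k in CLIENT_CA_KEYS):
        findings.append("ldap.conf: no TLS_CACERT or TLS_CACERTDIR, "
                        "so the client cannot verify the issuing CA")
    return findings

# Constructed sample configs (paths are placeholders, not from the thread).
SAMPLE_SLAPD = """
# TLS settings
TLSCACertificateFile /etc/openldap/certs/ca.pem
TLSCertificateFile /etc/openldap/certs/ca.pem
TLSCertificateKeyFile /etc/openldap/certs/server.key
"""
SAMPLE_LDAP = """
BASE dc=example,dc=com
#TLS_CACERT /etc/openldap/certs/ca.pem
"""

if __name__ == "__main__":
    for finding in check(SAMPLE_SLAPD, SAMPLE_LDAP):
        print(finding)
```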