[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL and self-signed certificates

please stay on the mailing list.

Rick Stevens <rps2@socal.rr.com> writes:

> Dieter Kluenter wrote:
>> Rick Stevens <rps2@socal.rr.com> writes:
>>> I know this has been hashed over before, but I simply cannot get my
>>> LDAP clients to talk TLS/SSL to my LDAP server.  I keep getting
>>> 	TLS certificate verification: Error, self signed certificate in
>>> 	certificate chain
>> This error may not be the culprit, if the error (or warning) is
>> referring to the CA.
>> What is the CN of the server certificate and what is the host part of
>> your search string?
> The CN of the server certificate is:
> 	CN=bigdog.hci.com/emailAddress=ricks@nerd.com
> The host part of the search is "-h bigdog.hci.com"
>> In order to debug the TLS session run ldapsearch with -d3 option.
> I never see it try to pick up the server's certificate, just the CA's
> and I see a "TLS trace: SSL3 alert write:fatal:unknown CA" error before
> it dies.

OK, could you please provide the TLS related entries of slapd.conf and
ldap.conf? It seems that the server is not providing a server
certificate but a CA.


Dieter Klünter | Systemberatung