Re: TLS/SSL and self-signed certificates

Dieter Kluenter wrote:
Rick Stevens <rps2@socal.rr.com> writes:

I know this has been hashed over before, but I simply cannot get my
LDAP clients to talk TLS/SSL to my LDAP server.  I keep getting

	TLS certificate verification: Error, self signed certificate in
	certificate chain

This error may not be the culprit, if the error (or warning) is
referring to the CA.

Wrong. It is *exactly* the culprit.

What is the CN of the server certificate and what is the host part of
your search string?

If the cert CN were the problem, the error message would have said that. Don't second-guess these error messages.

In order to debug the TLS session run ldapsearch with -d3 option.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
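
An added example, not part of the original message: a self-contained reproduction of the error quoted in this thread using the `openssl` command line as a stand-in for the LDAP client's TLS library. It shows that "self signed certificate in certificate chain" (OpenSSL verify error 19) is reported when the CA is not a configured trust anchor, while a name mismatch is reported separately (error 62). The CA, host names and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: the CA, hostnames and file names are made up.

# make_pki DIR: self-signed CA plus a server cert (CN=ldap.example.test) signed by it.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -days 1 -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/srv.pem" 2>/dev/null
}

# verify_result DIR MODE [HOST]: print OK or the OpenSSL verify error number.
#   MODE=untrusted  CA is presented in the chain but is not a trust anchor
#   MODE=trusted    the same CA is supplied as a trust anchor (-CAfile)
#   HOST            optional name to match against the server certificate
verify_result() {
    dir=$1; mode=$2; host=${3:-}
    if [ "$mode" = trusted ]; then
        set -- -CAfile "$dir/ca.pem"
    else
        set -- -untrusted "$dir/ca.pem"
    fi
    if [ -n "$host" ]; then set -- "$@" -verify_hostname "$host"; fi
    # openssl verify exits non-zero on failure; keep going and parse its report.
    out=$(openssl verify "$@" "$dir/srv.pem" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo OK
    else echo FAIL; fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    echo "CA not trusted:          $(verify_result "$d" untrusted)"
    echo "CA trusted:              $(verify_result "$d" trusted)"
    echo "CA trusted, wrong host:  $(verify_result "$d" trusted other.example.test)"
    rm -rf "$d"
}
demo
```
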