[Date Prev][Date Next]
Re: LDAPS connection failing with a "TLS accept failure error -1"
- To: Dieter Kluenter <email@example.com>
- Subject: Re: LDAPS connection failing with a "TLS accept failure error -1"
- From: Marcelo de Moraes Serpa <firstname.lastname@example.org>
- Date: Thu, 20 May 2010 11:03:29 -0500
- Cc: email@example.com
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=byay79tIKAAMKvk3qPBjKkmXdkwYJ6engsVgDuo655c=; b=ThzAZSbmYvx8byVnSS/jLF+5oQXlWvB8xQJsQEAJ+MXgol5C+p0MvL4kD/E0FLRZMA q5cquF77dCoT3RcmqxGmKRT9WGPRS2yVqmbrtpdXJlJR5PCUt1lRrbYKE4Hm/7d7qj86 nGeWyTsn2ymPyGL+lYP9gvrhwN68IfXV2nLRw=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=WuUEB9K4iSZeB87qRb6govPOdrB7y6s29kdd5/d9Wr09aUai3XnZFV3vSPpMgvEetY urQKeE4Zj6fSkWq49Kvy9Hi0cunKTiVqIuNbBOwUcE3TZVfrdNStl043+9gDSLYMBPHi EOVmCFOI6wkmIo8yFylm9jK5u+arPZ+DCb+Y4=
- In-reply-to: <firstname.lastname@example.org>
- References: <AANLkTilK_XPwbibel3tOKIFb6jZNnTPw4zELsbxZMGRH@mail.gmail.com> <email@example.com>
Thanks for the reply,
This server was only for testing purposes, so, that's why I used a self-signed certificate.
I got it working, the issue, as stupid as it is, was that I was editing the wrong ldap.conf file (Mac OSX has one on /etc/openldap and other on /opt/local/etc/openldap, which was the one being used).
On Thu, May 20, 2010 at 3:09 AM, Dieter Kluenter <firstname.lastname@example.org>
Marcelo de Moraes Serpa <email@example.com
> Hello all,
> I hope someone could help me -- I'm trying for almost one whole day already
> and couldn't get LDAP over SSL to work, without success.
> I have generated a self-signed certificate using this command:[...]
> sudo openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout
> server.pem -days 3650
This is not the proper way to create a certificate chain.
1. create a certificate authority
2. create a server certificate
3. sign the server certificate with the CA
4. extract the password from server certificate into a key
You may use tinyCA to create the chain
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6