Re: Client says Can't contact LDAP server, but it can!

--On Monday, July 28, 2008 11:30 AM -0700 John Oliver <joliver@john-oliver.net> wrote:

On Mon, Jul 28, 2008 at 09:20:23AM +0200, Buchan Milne wrote:
Or, ensure that the "CA certificate" that the clients use contains the
certificates of the issuer of both of the server certificates, and that
the value of the subject CN on both certificates matches the name you
use to connect to the servers.

I've tried:

openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 3650

This generates a self-signed cert without a CA. That's part of the root of your problem. By your own email, you have no concept of how SSL signing and authority works. Yet you reject the advice that's been given out of hand. Go back to the link I sent you, and set up your certs correctly, with a valid self-generated CA, or do as others have suggested, stop using SSL until you understand how it works.
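
The setup this thread describes, as an added example that is not from any of the posters: a self-generated CA signs a server certificate, and a check confirms both that the issuer is in the client's CA file and that the subject CN matches the connection name. The CA name, the `example.com` hostnames, the file names and the function names are all placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. CA name, hostnames and file names are placeholders.

make_ca() {                       # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

make_server_cert() {              # $1 = directory, $2 = server FQDN
    # Key + CSR with CN = the name clients connect to, then sign with the CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.pem" 2>/dev/null
}

make_selfsigned() {               # $1 = directory, $2 = server FQDN
    # Same kind of certificate as the command quoted in the thread: no CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Returns 0 = issuer trusted and name matches,
#         1 = issuer not in the CA file, 2 = name does not match.
check_cert() {                    # $1 = CA file, $2 = server cert, $3 = name
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -checkhost "$3" 2>/dev/null |
        grep -q "does match" || return 2
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && make_server_cert "$d" ldap1.example.com &&
        make_selfsigned "$d" ldap3.example.com || return 1
    for name in ldap1.example.com ldap3.example.com; do
        rc=0
        check_cert "$d/ca.pem" "$d/$name.pem" "$name" || rc=$?
        echo "$name: check_cert returned $rc"
    done
    rm -rf "$d"
}

demo
```

The file a client is configured to trust corresponds to `ca.pem` here; with two servers signed by different issuers, that file has to contain both issuer certificates.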



