
Re: AW: StartTLS is not working

Hi Hauke,

I still can't get TLS to work. Here is the error message.

TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
ldap_start_tls: Connect error (-11)


----- Original Message ----
From: Hauke Coltzau <hauke.coltzau@FernUni-Hagen.de>
To: Dat Duong <datduong2000@yahoo.com>
Cc: openldap-technical <openldap-technical@openldap.org>
Sent: Tuesday, October 7, 2008 1:25:37 AM
Subject: AW: StartTLS is not working

Hi Dat,

First of all: please send your questions to the list so that
other users with the same problem can find the solution, too.

To your problem: please make sure that you have a correct
value for your ServerCA's private key in your openssl.cnf. It
should read something like this:

[ ServerCA ]

# Where is the base directory for the ServerCA
dir            = /usr/lib/ssl/ServerCA

# Where is the ServerCA's certificate
certificate    = $dir/ServerCA.cert.pem

# and where is the ServerCA's private key
private_key    = $dir/private/ServerCA.key.pem

Without the private key, the ServerCA will not be
able to sign your LDAP certificate. You will find more
configuration hints for openssl.cnf in the tutorial.

Hope this helps,



----- Original Message -----
From: "Dat Duong" <datduong2000@yahoo.com>
To: "hauke coltzau" <hauke.coltzau@FernUni-Hagen.de>
Sent: Tuesday, 7 October 2008 09:06:07 GMT +01:00 Amsterdam/Berlin/Bern/Rome/Stockholm/Vienna
Subject: StartTLS is not working

Hi Hauke,

I read your instruction on how to create a Root CA ... I have a hard time understanding the step. I have a question on how to sign the LDAP server certificate using the Server CA. I get an error message:

bash-3.00# openssl ca -name ServerCA -in afldap01.req.pem -out afldap01.cert.pem

Using configuration from /usr/local/ssl/openssl.cnf
variable lookup failed for ServerCA::private_key
18908:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=ServerCA name=private_key


Fernuniversität in Hagen
Lehrgebiet Kommunikationsnetze

Phone/Fax: +49 2331 987 -1142 / -353
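A check for the configuration problem Hauke describes and the lookup error in Dat's original message, as an added example that is not code from either participant: a small Python resolver for the [section] / key = value / $var subset of openssl.cnf that reports which ServerCA entries `openssl ca -name ServerCA` would fail to look up. It assumes only that syntax subset (no .include, no environment lookups), and the sample config it checks is constructed inline from the section shown in the thread.

```python
import re

# Constructed sample: the thread's [ ServerCA ] section without private_key
# (reproduces Dat's error); FIXED_CNF adds it plus the bookkeeping entries.
BROKEN_CNF = "[ ServerCA ]\ndir = /usr/lib/ssl/ServerCA\ncertificate = $dir/ServerCA.cert.pem\n"
FIXED_CNF = BROKEN_CNF + ("private_key = $dir/private/ServerCA.key.pem\n"
                          "database = $dir/index.txt\nserial = $dir/serial\n"
                          "new_certs_dir = ${ServerCA::dir}/newcerts  # ${sect::var} form\n")
SECTION_RE = re.compile(r"^\[\s*(.+?)\s*\]$")
KEY_RE = re.compile(r"^([\w.]+)\s*=\s*(.*)$")
VAR_RE = re.compile(r"\$\{([^}]+)\}|\$(\w+)")

def parse_openssl_cnf(text: str) -> dict:
    """[section] / key = value subset of openssl.cnf: '#' starts a comment,
    keys before the first header go to 'default', values stay unexpanded."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
            sections.setdefault(current, {})
        elif m := KEY_RE.match(line):
            sections[current][m.group(1)] = m.group(2).strip()
    return sections

def lookup(sections: dict, section: str, name: str) -> str:
    """Resolve section::name as 'openssl ca -name <section>' does: the named
    section, then 'default'; $var and ${sect::var} references expand recursively."""
    for sect in (section, "default"):
        if name in sections.get(sect, {}):
            value = sections[sect][name]
            break
    else:
        raise KeyError(f"variable lookup failed for {section}::{name}")
    def expand(m: re.Match) -> str:
        ref = m.group(1) or m.group(2)
        sect, var = ref.split("::", 1) if "::" in ref else (section, ref)
        return lookup(sections, sect, var)
    return VAR_RE.sub(expand, value)

# What openssl ca reads before it can sign: the three keys from the thread
# plus the database/serial/new_certs_dir bookkeeping entries it also needs.
REQUIRED_CA_KEYS = ("dir", "certificate", "private_key", "database", "serial", "new_certs_dir")

def check_ca_section(text: str, section: str = "ServerCA") -> list:
    """Return the lookup failures openssl ca would report for this section."""
    sections = parse_openssl_cnf(text)
    problems = []
    for key in REQUIRED_CA_KEYS:
        try:
            lookup(sections, section, key)
        except KeyError as err:
            problems.append(err.args[0])
    return problems
```

Running `check_ca_section(BROKEN_CNF)` lists the same `ServerCA::private_key` failure that Dat's `openssl ca` run printed, while the completed section resolves cleanly to the paths under /usr/lib/ssl/ServerCA.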