[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Self-signed server cert within our corp = failure


   You need to find out where your ldap.conf file is and add an entry to that


This directive makes the client allow and complete the ssl handshake even if the server cert does not match.

This error that you get is because of the fact that either the CN of the server and the issuer are same or something like that.That is probably error codes 18 or 19(ssl error codes).

Just try this out to be more clear:

$ openssl s_client -connect x.x.x.x:636 -showcerts

Which will barf out the error codes.



Quoting Quanah Gibson-Mount <quanah@zimbra.com>:

--On Thursday, January 22, 2009 2:20 PM -0500 Jeff Blaine
<jblaine@kickflop.net> wrote:

OpenLDAP 2.4.11 client

How do I subvert this bogusness? The cert is legit.

Provide the CA.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration

-- Sankhadip Sengupta School of Computing, University of Utah, Utah-84112, U.S.A.

---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.