[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap not finding internal CA?

Hi Kurt,

On Wed, Jun 17, 2009 at 7:26 PM, Kurt Yoder<ktyopenldap@yoderhome.com> wrote:
> Some background: I have set up my own CA and generated a certificate for it,
> which the LDAP server is using. Without specifying this CA, I get
> "self-signed certificate" errors when connecting:
> root@host:# openssl s_client -connect my.ldap.server:636 -showcerts
> CONNECTED(00000003)
> <... trimmed certificate information ...>
> verify error:num=19:self signed certificate in certificate chain


> My openldap is version 2.4.15 on Ubuntu Jaunty. Interestingly, I had the
> same message about self-signed certificates on previous Ubuntu versions, but
> querying ldap with "TLS_REQCERT demand" works fine.

As Howard mentioned this should have been fixed in 2.4.16. However
could you try to put both the CA certificate *and* the server
certificate in the cert.file used by the slapd server - (that way the
whole CA chain is sent to the client by gnutls) ?

Mathias Gug
Ubuntu Developer  http://www.ubuntu.com