
Re: TLS Connection Failure



Radomir Klacza <rklacza@melog.com> writes:

> Hi all,
> I'm trying to establish TLS connection with my newly configured
> OpenLDAP server, but all the time I get the TLS Connection Failure
> error.
>
> I have the following configuration in slapd.conf:
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSVerifyClient never
>
> The CA and certs were created in accordance with this tutorial:
> http://www.openldap.org/faq/data/cache/185.html
[...]
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (-11)
>
> client is configured:
> TLS_CACERT /etc/openldap/cacert.pem

Does the client have read access to /etc/openldap/ldap.conf and to
/etc/openldap/cacert.pem? 

> and the cacert is the same as on the server.
> I'm using gentoo with openldap 2.4.19-r1 and openssl 0.9.8n
>
> I've been working on it for a long time and currently I have no idea why it
> does not work...

Could you start slapd with -h ldaps:/// and try
openssl s_client -connect <server>:636 -CAfile /path/to/CA -showcerts
and check the CN value of the certificate returned.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
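The check Dieter describes (connect with s_client against the CA file, then look at the name in the certificate the server returns), written up as a script. This is an added example and not part of the thread or of OpenLDAP itself; it assumes openssl(1) is on the PATH, and the host, port and CA path in the usage line are placeholders. It compares the host you connect to against both the subjectAltName DNS entries and the subject CN, since the client will only accept the certificate if one of them matches the name in the LDAP URI (wildcards are not handled here).

```shell
#!/bin/sh
# check_ldap_tls.sh: reproduce the s_client check from the thread as a script.
# Added example, not from the original post. Assumes openssl(1) is installed.
# Usage: ./check_ldap_tls.sh <ldap-host> <port> <cacert.pem>
#   e.g. ./check_ldap_tls.sh ldap.example.com 636 /etc/openldap/cacert.pem
# (host, port and CA path above are placeholders; substitute your own.)

# Fetch the leaf certificate the server presents on <host>:<port> (PEM on stdout).
fetch_server_cert() {
  openssl s_client -connect "$1:$2" -CAfile "$3" -showcerts </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# The "Verify return code" s_client reports for the chain (0 = ok).
server_verify_code() {
  openssl s_client -connect "$1:$2" -CAfile "$3" </dev/null 2>/dev/null \
    | sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Subject CN of a PEM certificate file.
cert_cn() {
  openssl x509 -noout -subject -nameopt RFC2253 -in "$1" \
    | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# DNS names from the subjectAltName extension, one per line (may be empty).
cert_sans() {
  openssl x509 -noout -text -in "$1" \
    | sed -n '/Subject Alternative Name/{n;p;}' \
    | tr ',' '\n' | sed -n 's/^ *DNS:\(.*\)$/\1/p'
}

# Succeeds if the certificate in $1 chains to the CA file in $2.
cert_chains_to_ca() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds if <host> appears as a SAN DNS entry or as the subject CN.
# Exact match only; wildcard names are not handled in this example.
cert_matches_host() {
  cert=$1; host=$2
  for n in $(cert_sans "$cert") $(cert_cn "$cert"); do
    [ "$n" = "$host" ] && return 0
  done
  return 1
}

# Driver: print what the server sends and whether it would satisfy a client
# that connects to <host> with TLS_CACERT pointing at <cacert.pem>.
check_ldap_tls() {
  host=$1; port=$2; ca=$3
  tmp=$(mktemp) || return 1
  if ! fetch_server_cert "$host" "$port" "$ca" >"$tmp" 2>/dev/null; then
    echo "no certificate returned by $host:$port (handshake failed?)"
    rm -f "$tmp"; return 1
  fi
  echo "verify return code: $(server_verify_code "$host" "$port" "$ca")"
  echo "subject CN:         $(cert_cn "$tmp")"
  echo "SAN DNS names:      $(cert_sans "$tmp" | tr '\n' ' ')"
  cert_chains_to_ca "$tmp" "$ca" && echo "chains to CA:       yes" \
    || echo "chains to CA:       NO (wrong or stale cacert.pem?)"
  cert_matches_host "$tmp" "$host" && echo "name matches host:  yes" \
    || echo "name matches host:  NO (client must use the name in the cert)"
  rm -f "$tmp"
}

if [ "$#" -eq 3 ]; then
  check_ldap_tls "$@"
fi
```

A "Verify return code" other than 0 points at the CA file (the client's TLS_CACERT does not contain the issuer of the server certificate); a chain that verifies but a name that does not match points at the URI the client uses, which must be the name in the certificate rather than an IP address or a short alias.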