Re: TLS Connection Failure

Radomir Klacza <rklacza@melog.com> writes:

> Hi all,
> I'm trying to establish a TLS connection with my newly configured
> OpenLDAP server, but all the time I get the TLS Connection Failure
> error.
> I have the following configuration in slapd.conf:
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSVerifyClient never
> The CA and certs were created in accordance with this tutorial:
> http://www.openldap.org/faq/data/cache/185.html
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (-11)
> client is configured:
> TLS_CACERT /etc/openldap/cacert.pem

Does the client have read access to /etc/openldap/ldap.conf and to

> and cacert is the same like on the server.
> I'm using gentoo with openldap 2.4.19-r1 and openssl 0.9.8n
> I've been working on it for a long time and currently I have no idea why it
> is not working...

Could you start slapd with -h ldaps:/// and try
openssl s_client -connect <server>:636 -CAfile /path/to/CA -showcerts
and check the CN value of the certificate returned.


Dieter Klünter | Systemberatung
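The check Dieter describes, scripted as an added example (not part of the thread and not OpenLDAP project code): it runs `openssl s_client` against an ldaps:// listener, pulls the CN of the leaf certificate and the chain verify return code out of the output, and reports whether the CN equals the host name the client connects with. The host name, port and CA path are placeholders, and the two `SAMPLE_*` strings are constructed s_client output (one in the newer `CN = x` name style, one in the older `/CN=x` style) used so the parsing functions can be exercised without a live server.

```shell
#!/bin/sh
# Added example, not from the original thread. Diagnoses an ldaps:// listener:
# does the chain verify against the given CA file, and does the CN in the
# server certificate match the name the client uses in its URI?

# Extract the CN of the leaf certificate from `openssl s_client` output on stdin.
# Handles both "subject=CN = host" (OpenSSL 1.1+) and "subject=/C=XX/CN=host" (0.9.8/1.0).
leaf_cn() {
    sed -n 's/^subject=.*CN *= *\([^,/]*\).*/\1/p' | sed 's/[[:space:]]*$//' | head -n 1
}

# Extract the numeric verify return code; 0 means the chain verified against -CAfile.
verify_code() {
    sed -n 's/^ *Verify return code: *\([0-9]*\).*/\1/p' | head -n 1
}

# check_ldaps HOST CA_FILE [PORT]
# Connects, prints what the server presented, and succeeds only when the chain
# verifies AND the certificate CN equals HOST (the name the client would verify).
check_ldaps() {
    host=$1
    ca_file=$2
    port=${3:-636}
    out=$(openssl s_client -connect "$host:$port" -CAfile "$ca_file" -showcerts </dev/null 2>&1)
    cn=$(printf '%s\n' "$out" | leaf_cn)
    code=$(printf '%s\n' "$out" | verify_code)
    echo "CN in server certificate: ${cn:-<none>}"
    echo "chain verify return code: ${code:-<none>}"
    [ "$code" = "0" ] && [ "$cn" = "$host" ]
}

# Constructed sample output (placeholder names), newer OpenSSL formatting.
SAMPLE_NEW='CONNECTED(00000003)
depth=1 C = PL, O = Example, CN = Example CA
verify return:1
depth=0 CN = ldap.example.com
verify return:1
---
Server certificate
subject=CN = ldap.example.com

issuer=C = PL, O = Example, CN = Example CA

---
    Verify return code: 0 (ok)'

# Constructed sample output, 0.9.8-style formatting, with a chain that did not verify.
SAMPLE_OLD='CONNECTED(00000003)
depth=0 /C=PL/O=Example/CN=ldap.example.com
verify error:num=21:unable to verify the first certificate
---
Server certificate
subject=/C=PL/O=Example/CN=ldap.example.com
issuer=/C=PL/O=Example/CN=Example CA
---
    Verify return code: 21 (unable to verify the first certificate)'

# Live check only when invoked with arguments, e.g.:
#   sh check_ldaps.sh ldap.example.com /etc/openldap/cacert.pem 636
if [ $# -ge 2 ]; then
    check_ldaps "$@"
fi
```

A nonzero verify return code points at the CA file on the client side (wrong file, or one that did not sign the server certificate); a verify code of 0 with a CN that differs from the host name in the client's URI (for example an IP address or short host name in the URI but an FQDN in the certificate) is the other common reason a client that checks the certificate refuses the connection.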
