Re: TLS/SSL issues

Paul Stephens wrote:

Having problems getting my TLS setup working.

Current setup:

Ubuntu 11.10 (3.0.0-16 server)

OpenLDAP 2.4.25

I have been using the instructions at:
https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html though to be
honest I am relatively new to TLS and using certtool, etc.  I have now been
copying and pasting the commands given in case my typing is as good as it usually is.

Unencrypted LDAP works fine including syncing with a slave and samba
authentication (non-TLS that is!)

It appears to be something to do with the self-signed certificate not being
trusted and seems to be a common problem people run into.  I have been
researching it for a while but at this stage I'm kind of just trying randomly
browsed suggestions, with most admittedly geared towards previous OpenLDAP
versions and not really assisting with my understanding of the problem in the
first place.

You should read the OpenLDAP Admin Guide.


The Ubuntu doc you read is not wrong, but it only told you how to configure the server. (Obviously, since it's labelled a "serverguide"). You also need to do some client side configuration. The OpenLDAP Admin Guide chapter on TLS tells you how to do both.

TLS: peer cert untrusted or revoked (0x42)

TLS: can't connect: (unknown error code).


ldap_start_tls: Connect error (-11)

                 additional info: (unknown error code)

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
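The client-side half that the reply points to, written up as an added example (not from this thread or the OpenLDAP project): point the client at the CA that signed the server cert via TLS_CACERT in ldap.conf, lint that config so verification is not silently disabled, and confirm with ldapsearch -ZZ. The paths /etc/ldap/ldap.conf and /etc/ssl/certs/cacert.pem and the host ldap01.example.com are assumed placeholders.

```shell
#!/bin/sh
# Added example: make an OpenLDAP client trust a private-CA/self-signed server
# cert. Assumed placeholders: CA at /etc/ssl/certs/cacert.pem, client config
# at /etc/ldap/ldap.conf, server ldap01.example.com.

# Write the client-side TLS directives. TLS_REQCERT stays at "demand" (the
# default): "peer cert untrusted" is fixed by trusting the right CA, not by
# turning verification off.
write_ldap_conf() {
    conf="$1"; cacert="$2"
    cat > "$conf" <<EOF
# OpenLDAP client configuration (/etc/ldap/ldap.conf on Ubuntu)
TLS_CACERT  $cacert
TLS_REQCERT demand
EOF
}

# Lint the client config: fail if verification is disabled (never/allow) or
# the CA file referenced by TLS_CACERT is missing. Returns 0 when sane.
check_ldap_conf() {
    conf="$1"
    reqcert=$(awk '$1=="TLS_REQCERT"{print $2}' "$conf")
    cacert=$(awk '$1=="TLS_CACERT"{print $2}' "$conf")
    case "$reqcert" in
        never|allow) echo "TLS_REQCERT $reqcert disables verification" >&2; return 1 ;;
    esac
    [ -n "$cacert" ] && [ -r "$cacert" ] || { echo "TLS_CACERT missing or unreadable" >&2; return 1; }
    return 0
}

# Live check (needs ldap-utils and the server): -ZZ makes ldapsearch fail
# unless STARTTLS succeeds with a verified peer certificate.
starttls_test() {
    ldapsearch -x -ZZ -H "ldap://$1" -b "" -s base "(objectclass=*)" namingContexts
}

if [ "${1:-}" = "apply" ]; then
    write_ldap_conf /etc/ldap/ldap.conf /etc/ssl/certs/cacert.pem
    check_ldap_conf /etc/ldap/ldap.conf && starttls_test ldap01.example.com
fi
```

Run with `apply` as root on the client; if the lint passes and ldapsearch still reports the cert as untrusted, the CA file does not match the CA that issued the server certificate.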