
Re: Openldap-2.4.35 TLS/SSL

Try with

openssl s_client -connect -CAfile /opt/local/etc/openldap/GeoTrust_Global_CA.cer

By the way, is your CA cert file GeoTrust_Global_CA.cer in PEM format?


On 28/06/2013 21:01, Darouichi, Aziz wrote:




I am trying to configure TLS/SSL and I have a cert from GeoTrust. I configured slapd.conf with the following:


# TLS/SSL information
TLSCACertificateFile   /opt/local/etc/openldap/GeoTrust_Global_CA.cer
TLSCertificateFile     /opt/local/etc/openldap/rhea.curry.edu.pem.cer
TLSCertificateKeyFile  /opt/local/etc/openldap/rhea.key.pem


But when I check the cert using "openssl s_client -connect -CApath /opt/local/etc/openldap/" I get


140230373582504:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 321 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE


I checked the log I see TLS connection