[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Trying to get TLS Working

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Trying to get TLS Working
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Tue, 28 Sep 2004 02:21:00 +0200
In-reply-to: <7047D238-10CE-11D9-A0B1-000A95B9602E@kineticode.com>
Organization: Billy
References: <7047D238-10CE-11D9-A0B1-000A95B9602E@kineticode.com>

man, 27.09.2004 kl. 23.44 skrev David Wheeler:

> Pardon my newbie-ness. I'm setting up my new OpenLDAP server to  
> authenticate for Subversion and, eventually other things (postfix,  
> Bricolage, RT, etc.). But right now I'm running into trouble getting  
> TLS to work, both with the ldap clients and with  
> mod_auth_ldap/mod_ldap. Here's an example:
> 
>    % ldapsearch -x -b 'dc=example,dc=com' -D  
> "cn=admin,dc=example,dc=com" \
>      -h ldap.example.com -w password -ZZ '(objectclass=*)'
>    ldap_start_tls: Connect error (-11)
>            additional info: error:14090086:SSL  
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 
> I set up my certificates according to the instructions on this handy  
> page:

If you just set up a perfectly normal server cert signed by a perfectly
normal (self-generated) CA cert as described in Kent Soper's HOWTO, what
happens then? That's how I make mine. Postfix, Apache, Openldap, all
work with the one, same, server cert.

--Tonni

-- 
«Livet er ein gamp», sa øyken.
I can confirm this.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl

They love us, don't they, They feed us, won't they

Follow-Ups:
- Re: Trying to get TLS Working
  - From: David Wheeler <david@kineticode.com>

References:
- Trying to get TLS Working
  - From: David Wheeler <david@kineticode.com>

Prev by Date: configure: error: Berkeley DB version mismatch - request to amend INSTALL text file for future version of release
Next by Date: Re: Trying to get TLS Working
Index(es):
- Chronological
- Thread