[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Still getting TLS errors with 2.3.11

To: openldap-software@OpenLDAP.org
Subject: Re: Still getting TLS errors with 2.3.11
From: Andreas Hasenack <ahasenack@terra.com.br>
Date: Mon, 17 Oct 2005 10:31:10 -0200
Content-disposition: inline
In-reply-to: <877jccleq4.fsf@rubin.l4b.de>
References: <200510162039.55880.ahasenack@terra.com.br> <877jccleq4.fsf@rubin.l4b.de>
User-agent: Mutt/1.5.11

On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> I just experienced the same problem and it took me a few minutes to find
> the reason, which resulted in
> 
> TLS trace: SSL3 alert read:fatal:certificate expired
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired s3_pkt.c:1052
> connection_read(15): TLS accept error error=-1 id=1, closing
> 
> Creating and signing a new set of certificates solved it.

The certificate is fine here (other than being self-signed):
# openssl x509 -in ldap.pem -noout -dates
notBefore=Oct  7 16:26:09 2005 GMT
notAfter=Aug 18 07:00:49 2021 GMT

If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.

Follow-Ups:
- Re: Still getting TLS errors with 2.3.11
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Still getting TLS errors with 2.3.11
  - From: Samuel Tran <stran@amnh.org>

References:
- Still getting TLS errors with 2.3.11
  - From: Andreas Hasenack <ahasenack@terra.com.br>
- Re: Still getting TLS errors with 2.3.11
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Still getting TLS errors with 2.3.11
Next by Date: Re: database directory inside database directory
Index(es):
- Chronological
- Thread