
Re: Still getting TLS errors with 2.3.11



On Mon, 2005-10-17 at 10:31 -0200, Andreas Hasenack wrote:
> On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> > I just experienced the same problem and it took me a few minutes to find
> > the reason, which resulted in
> > 
> > TLS trace: SSL3 alert read:fatal:certificate expired
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired s3_pkt.c:1052
> > connection_read(15): TLS accept error error=-1 id=1, closing
> > 
> > Creating and signing a new set of certificates solved it.
> 
> The certificate is fine here (other than being self-signed):
> # openssl x509 -in ldap.pem -noout -dates
> notBefore=Oct  7 16:26:09 2005 GMT
> notAfter=Aug 18 07:00:49 2021 GMT
> 
> If I run ldapsearch from another machine which has another version of
> openldap that is not 2.3.11 nor 2.3.10, then it works.

On my OL 2.3.11 test servers both SSL and TLS work fine.
We use our own CA certificate to sign our cert requests.

Sam
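As an added example (not part of the original thread, and not OpenLDAP or OpenSSL code), the sketch below triages the slapd TLS trace quoted above. It reads the alert direction ("read" means the alert was received from the peer) and unpacks the OpenSSL error code into library, function and reason. The function names and the embedded sample are constructed for illustration, and the code layout assumed is the pre-3.0 OpenSSL packing (8-bit library, 12-bit function, 12-bit reason).

```python
import re

# Constructed sample: the slapd log lines quoted in the thread above.
SAMPLE_LOG = """\
TLS trace: SSL3 alert read:fatal:certificate expired
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired s3_pkt.c:1052
connection_read(15): TLS accept error error=-1 id=1, closing
"""

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

ALERT_RE = re.compile(r"TLS trace: SSL3 alert (read|write):(\w+):(.+)")
ERROR_RE = re.compile(r"TLS: error:([0-9A-Fa-f]{8}):")

def decode_error(code_hex):
    """Unpack a pre-3.0 OpenSSL error code: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # In the SSL library (lib 20), reasons above 1000 are 1000 + a received alert number.
    alert = reason - 1000 if lib == 20 and reason > 1000 else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}

def triage(log_text):
    """Return one finding per alert or error line in a slapd TLS trace."""
    findings = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            direction, level, desc = m.groups()
            # "read" = alert received from the peer; "write" = alert sent by this side.
            origin = "peer" if direction == "read" else "local"
            findings.append(("alert", origin, level, desc.strip()))
            continue
        m = ERROR_RE.search(line)
        if m:
            info = decode_error(m.group(1))
            name = CERT_ALERTS.get(info["alert"], "other")
            findings.append(("error", info["alert"], name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the quoted trace, both lines point to alert 45 (certificate_expired) arriving from the peer, so the expiry verdict was reached on the client side of the connection rather than by slapd.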