[SASAG] Need help with openldap TLS

Ski Kacoroski kacoroski at comcast.net
Fri Jun 2 10:51:34 PDT 2006


I have been in certificate hell for the last few days and can really use
some help.  I have tried self-signed and cacert.org with no luck.
OpenSSL verifies the certs OK:

ldapum:/opt/openldap/ssl/certs# openssl verify testcert.pem
testcert.pem: OK

but OpenLDAP still gives errors:

ldapum:/opt/openldap/ssl/certs# ldapsearch -H ldaps:/// -x "(uid=ski)" uid
ldap_bind: Can't contact LDAP server (-1)
         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The log file shows:
May 21 16:27:55 localhost slapd[450]: connection_read(15): TLS accept failure error=-1 id=0, closing

Any help is most appreciated.  Either email or phone at 425-489-6263.



"When we try to pick out anything by itself, we find it
  connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, kacoroski at comcast.net, 206-501-9803

