[SASAG] Need help with openldap TLS -- RESOLVED

Ski Kacoroski kacoroski at comcast.net
Fri Jun 2 14:02:10 PDT 2006

Multiple problems:

- date incorrect on server
- problems with openldap using incorrect libraries
- problems with certs

I think the biggest frustration was not really knowing how to interpret 
the error messages (I could not find one place on the internet that 
would say XXX error means check YYY).  Anyway, I know more about openssl 
than I ever wanted to now.



Ski Kacoroski wrote:
> Hi,
> I have been in certificate hell for the last few days and can really use 
> some help.  I have tried self signed and cacert.org with no luck. 
> Openssl verifies the certs ok:
> ldapum:/opt/openldap/ssl/certs# openssl verify testcert.pem
> testcert.pem: OK
> but openldap still gives errors:
> ldapum:/opt/openldap/ssl/certs# ldapsearch -H ldaps:/// -x "(uid=ski)" uid
> ldap_bind: Can't contact LDAP server (-1)
>          additional info: error:14090086:SSL 
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> The log file shows:
> May 21 16:27:55 localhost slapd[450]: connection_read(15): TLS accept 
> failure error=-1 id=0, closing
> Any help is most appreciated.  Either email or phone at 425-489-6263.
> Thanks,
> ski
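The three causes listed in the resolution (clock skew, slapd linked against the wrong OpenSSL, certificate/CA mismatch) each produce the same opaque "certificate verify failed" on the client side. The script below is an added example for this thread, not something the poster or the OpenLDAP project shipped: it runs the checks a practitioner would do before touching slapd.conf, and maps the `openssl verify` error text to the thing to look at. It assumes the OpenSSL command-line tool and `ldd` are installed; the slapd path and the certificate/CA paths are placeholders, since the thread only shows /opt/openldap/ssl/certs/testcert.pem.

```shell
#!/bin/sh
# Hypothetical diagnostic helper for "certificate verify failed" /
# "TLS accept failure" in an OpenLDAP + OpenSSL setup (not from the thread).
# Assumptions: openssl and ldd are on PATH; SLAPD_BIN is a placeholder path.
SLAPD_BIN="${SLAPD_BIN:-/opt/openldap/libexec/slapd}"

# Verify CERT against CAFILE the way slapd/ldapsearch will (TLSCACertificateFile
# on the server, TLS_CACERT / LDAPTLS_CACERT on the client). Plain
# "openssl verify cert.pem" uses the system store instead, which can say OK
# while the LDAP side still fails. Returns 0 on OK, prints a hint and
# returns 1 otherwise.
verify_against_ca() {
    cafile="$1"; cert="$2"
    out=$(openssl verify -CAfile "$cafile" "$cert" 2>&1) && return 0
    case "$out" in
        *"certificate has expired"*)
            echo "HINT: notAfter is in the past, or the server clock is ahead" ;;
        *"certificate is not yet valid"*)
            echo "HINT: notBefore is in the future, or the server clock is behind" ;;
        *"self signed certificate"*|*"self-signed certificate"*)
            echo "HINT: self-signed cert is not in $cafile; point TLSCACertificateFile / TLS_CACERT at it" ;;
        *"unable to get local issuer certificate"*)
            echo "HINT: the issuing CA (e.g. the cacert.org root) is missing from $cafile" ;;
        *)
            echo "HINT: unrecognised verify failure, see openssl output below" ;;
    esac
    printf '%s\n' "$out"
    return 1
}

# Return 0 if CERT is still valid SECONDS from now (default 0 = right now);
# non-zero if it expires inside that window. Pairs with `date` to spot a
# server clock that is simply wrong.
cert_valid_for() {
    cert="$1"; secs="${2:-0}"
    openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1
}

# Show which libssl/libcrypto the slapd binary actually loads, so a build
# linked against one OpenSSL and configured for another is visible.
slapd_ssl_libs() {
    ldd "${1:-$SLAPD_BIN}" | grep -E 'libssl|libcrypto'
}

# Probe a live ldaps listener as a client would; "Verify return code: N"
# uses the same error numbers/texts that verify_against_ca interprets.
probe_ldaps() {
    host="${1:-localhost}"; cafile="$2"
    printf '' | openssl s_client -connect "$host:636" -CAfile "$cafile" 2>/dev/null \
        | grep -E 'Verify return code|subject=|issuer='
    # Equivalent OpenLDAP-side check, with the CA made explicit:
    # LDAPTLS_CACERT="$cafile" ldapsearch -H "ldaps://$host/" -x -s base -b '' -LLL namingContexts
}

# Run everything: diagnose CAFILE CERT [HOST]
diagnose() {
    cafile="$1"; cert="$2"; host="${3:-localhost}"
    echo "server clock: $(date -u)"
    openssl x509 -in "$cert" -noout -subject -issuer -dates
    cert_valid_for "$cert" 0 || echo "HINT: certificate already expired (per this machine's clock)"
    verify_against_ca "$cafile" "$cert" && echo "chain OK against $cafile"
    slapd_ssl_libs 2>/dev/null || echo "(ldd unavailable or slapd not at $SLAPD_BIN)"
    probe_ldaps "$host" "$cafile"
}
```

Run it as `sh diag.sh` after appending a call such as `diagnose /opt/openldap/ssl/certs/ca.pem /opt/openldap/ssl/certs/testcert.pem ldapum`; the first two lines (clock and notBefore/notAfter) catch the "date incorrect on server" case, `slapd_ssl_libs` the library mix-up, and `verify_against_ca` the certificate problem, each with a hint instead of the bare SSL3_GET_SERVER_CERTIFICATE error.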

