[SASAG] Need help with openldap TLS -- RESOLVED
Ski Kacoroski
kacoroski at comcast.net
Fri Jun 2 14:02:10 PDT 2006
Multiple problems:
- date incorrect on server
- problems with openldap using incorrect libraries
- problems with certs
I think the biggest frustration was not really knowing how to interpret
the error messages (I could not find one place on the internet that
would say XXX error means check YYY). Anyway, I know more about openssl
than I ever wanted to now.
cheers,
ski
Ski Kacoroski wrote:
> Hi,
>
> I have been in certificate hell for the last few days and can really use
> some help. I have tried self signed and cacert.org with no luck.
> Openssl verifies the certs ok:
>
> ldapum:/opt/openldap/ssl/certs# openssl verify testcert.pem
> testcert.pem: OK
>
> but openldap still gives errors:
>
> ldapum:/opt/openldap/ssl/certs# ldapsearch -H ldaps:/// -x "(uid=ski)" uid
> ldap_bind: Can't contact LDAP server (-1)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> The log file shows:
> May 21 16:27:55 localhost slapd[450]: connection_read(15): TLS accept
> failure error=-1 id=0, closing
>
> Any help is most appreciated. Either email or phone at 425-489-6263.
>
> Thanks,
>
> ski
>
>
--
"When we try to pick out anything by itself, we find it
connected to the entire universe" John Muir
Chris "Ski" Kacoroski, kacoroski at comcast.net, 206-501-9803
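Added example, not part of the original post: the first cause listed above, a wrong system date, reproduced with a throwaway self-signed certificate to show how a clock outside the validity window turns into a verify failure. The CN, file names and helper functions are constructed, and it assumes an OpenSSL recent enough to support `verify -attime`.

```shell
#!/bin/sh
# Constructed demo: throwaway self-signed cert, not the certificate from the thread.

# Create a key and a self-signed cert, valid for 30 days from now, in directory $1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Verify cert $1 (as its own trust anchor) as if the clock read epoch seconds $2.
# Prints "ok", or the validity-window reason OpenSSL reports.
verify_at() {
    out=$(openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not yet valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other: $out" ;;
    esac
}

# What the peer's clock says versus what the certificate allows.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_cert "$dir" || return 1
    now=$(date +%s)
    echo "system clock: $(date -u)"
    openssl x509 -in "$dir/cert.pem" -noout -dates
    echo "clock correct:      $(verify_at "$dir/cert.pem" "$((now + 3600))")"
    echo "clock 1 year slow:  $(verify_at "$dir/cert.pem" "$((now - 31536000))")"
    echo "clock 1 year fast:  $(verify_at "$dir/cert.pem" "$((now + 31536000))")"
    rm -rf "$dir"
}

demo
```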