
Connecting Netscape + SSL to OpenLDAP 2.0.6



Hello,

I have installed OpenLDAP 2.0.6 w/ OpenSSL 0.9.5a and Cyrus SASL 1.5.24.  I
am attempting to have Netscape Messenger connect to OpenLDAP via SSL.
Unfortunately, I keep getting this error reported by OpenLDAP:

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
s_pkt.c:956

I can successfully connect via SSL when using ldapsearch.  I can also
successfully connect to OpenLDAP w/ Netscape w/out using SSL.

The errors mention problems w/ the client certificate.  If this really is
the client cert from Netscape, I don't know how to change that.  I've
searched the mailing list archives, but it sounds like other people have
just had this work without any problems.

Has anyone seen this problem before?  Any tips, pointers, help would be
greatly appreciated.

Thanks very much,
Seth
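
An added example, not part of the original post: a small Python triage of the slapd TLS trace lines quoted above, reporting which side sent each alert and the state in which the handshake failed. It assumes the OpenSSL info-callback convention that `alert read` marks an alert slapd received from the peer and `alert write` one slapd sent; the names `triage` and `SAMPLE` are constructed here.

```python
import re

# Constructed sample: TLS lines copied from the trace quoted in the post.
SAMPLE = """\
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
"""

ALERT = re.compile(r"^TLS trace: SSL3 alert (read|write):(\w+):(.+)$")
STATE = re.compile(r"^TLS trace: SSL_accept:(?:(error|failed) in )?(.+)$")


def triage(log_text):
    """Summarise a slapd TLS trace: alerts with their sender, the last
    handshake state logged without an error, and the state that failed."""
    alerts, last_completed, failed_state = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ALERT.match(line)
        if m:
            direction, level, description = m.groups()
            # Assumption: "read" = received from the peer, "write" = sent by slapd.
            sender = "peer" if direction == "read" else "slapd"
            alerts.append({"sent_by": sender, "level": level,
                           "description": description})
            continue
        m = STATE.match(line)
        if m:
            status, state = m.groups()
            if status == "failed":
                failed_state = state      # only "failed in" is treated as terminal
            elif status is None:
                last_completed = state    # plain state transition
    return {"alerts": alerts, "last_completed_state": last_completed,
            "failed_state": failed_state}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for a in result["alerts"]:
        print(f'{a["level"]} alert "{a["description"]}" sent by {a["sent_by"]}')
    print("failed in state:", result["failed_state"])
```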