ldap_start_tls: Can't contact LDAP server



I'm having some trouble getting tls to work with my OpenLDAP
installation (v. 2.0.21 on FreeBSD 4.5-RELEASE)

I have set up my own CA and generated a wildcard cert, which I know to
work with other applications (imap, http, etc.).  I then added the
following lines to slapd.conf:

TLSCACertificateFile /etc/ssl/FlipDog/cacert.pem
TLSCertificateFile /usr/local/ssl/certs/flipdog.com.pem
TLSCertificateKeyFile /usr/local/ssl/keys/flipdog.com.key

When I try to do ldapsearch using -ZZ, I get the error in the Subject:
line.  I've tried doing a

openssl s_client -connect ldapmaster.flipdog.com:636

and it seems to see the cert, but I get a response I'm not sure of.
Along with reporting the certificate it found, I see the following.

verify error:num=19:self signed certificate in certificate chain

Can anyone shed some light on this for me?

Thanks in advance,

Justin.
----------------------------------------------------------
Justin Wood                             justin@flipdog.com
Systems Administrator
FlipDog.com                        http://www.flipdog.com/
----------------------------------------------------------
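The "verify error:num=19" line above is OpenSSL's X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: the chain the server sent could be built all the way up to a self-signed root, but that root is not in the verifier's trust store, so the whole chain is rejected. With a private CA this is expected from any client that has not been told where the CA certificate lives. The script below is an added example, not part of the post or of OpenLDAP: it builds a throwaway CA and a wildcard server certificate in a temporary directory (the names Demo CA and *.example.test are constructed for the demo), reproduces error 19 by presenting the CA only as an untrusted chain element, and then shows the same check passing once the CA is supplied as a trust anchor. It needs only the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce OpenSSL verify error 19
# with a throwaway private CA, then show the fix (trust the CA explicitly).
# Assumes only the openssl CLI; all names and paths below are constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a self-signed CA and a wildcard server cert signed by it, the same
# shape of PKI the poster describes (own CA, wildcard cert).
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -keyout "$WORK/cacert.key" -out "$WORK/cacert.pem" \
        -subj "/CN=Demo CA" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" \
        -subj "/CN=*.example.test" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$WORK/server.csr" \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cacert.key" -CAcreateserial \
        -out "$WORK/server.pem" >/dev/null 2>&1
}

# Verify the server cert with the CA available only as an untrusted chain
# element. This mirrors what s_client sees when the server sends its full
# chain and the client has no -CAfile: the chain ends in a self-signed root
# that nothing says to trust, which OpenSSL reports as error 19.
verify_untrusted_chain() {
    openssl verify -untrusted "$WORK/cacert.pem" "$WORK/server.pem" 2>&1 || true
}

# Same verification with the CA installed as a trust anchor. This is the fix:
# the client must be pointed at the CA certificate, not just shown it.
verify_with_cafile() {
    openssl verify -CAfile "$WORK/cacert.pem" "$WORK/server.pem" 2>&1 || true
}

make_test_pki
echo "--- chain reaches an untrusted self-signed root ---"
verify_untrusted_chain      # expect a line containing "error 19"
echo "--- same chain with the CA as a trust anchor ---"
verify_with_cafile          # expect "<path>/server.pem: OK"
```

The live equivalent of the second check against the poster's server is `openssl s_client -connect ldapmaster.flipdog.com:636 -CAfile /etc/ssl/FlipDog/cacert.pem`, which should end with "Verify return code: 0 (ok)" if the server-side slapd.conf lines are being used. Note that seeing the certificate in s_client output only proves the TLS listener is up; the verify code is what tells you whether a client with a given trust store will accept it, and ldapsearch -ZZ is such a client, so it needs the CA configured on its side (the TLS_CACERT option in ldap.conf(5)) as well.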