[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_start_tls: Can't contact LDAP server

To: openldap-software@OpenLDAP.org
Subject: ldap_start_tls: Can't contact LDAP server
From: Justin Wood <justin@flipdog.com>
Date: Sat, 20 Apr 2002 23:31:05 -0600
User-agent: Internet Messaging Program (IMP) 3.0 / FreeBSD-4.5

I'm having some trouble getting tls to work with my OpenLDAP
installation (v. 2.0.21 on FreeBSD 4.5-RELEASE)

I have set up my own CA and generated a wildcard cert, which I know to
work with other applications (imap, http, etc.).  I then added the
following lines to slapd.conf:

TLSCACertificateFile /etc/ssl/FlipDog/cacert.pem
TLSCertificateFile /usr/local/ssl/certs/flipdog.com.pem
TLSCertificateKeyFile /usr/local/ssl/keys/flipdog.com.key

When I try to do ldapsearch using -ZZ, I get the error in the Subject:
line.  I've tried doing a 

openssl s_client -connect ldapmaster.flipdog.com:636, and it seems to
see the cert, but I get a response I'm not sure of.  Along with
reporting the certificate it found, I see the following.

verify error:num=19:self signed certificate in certificate chain

Can anyone shed some light on this for me?

Thanks in advance,

Justin.
----------------------------------------------------------
Justin Wood                             justin@flipdog.com
Systems Administrator
FlipDog.com                        http://www.flipdog.com/
----------------------------------------------------------

Follow-Ups:
- RE: ldap_start_tls: Can't contact LDAP server
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: can I use a kerberos ticket with ldapsearch (and ldap librari es)
Next by Date: ldapperl - perl extension for OpenLDAP
Index(es):
- Chronological
- Thread