Re: TLS/SSL Configuration for LDAP
Shouldn't you use distinct files, e.g., server.crt and server.key?
On 06/07/02, I received this from test@newpanel.com:
> In my slapd.conf I have:
>
> TLSCertificateFile /usr/local/ssl/certs/server.pem
> TLSCertificateKeyFile /usr/local/ssl/certs/server.pem
>
>
> When I use
> ldapsearch -x -H 'ldaps://ldap.mydomain.com' -b 'ou=company,
> dc=mydomain, dc=com'
> I have a good result
>
> If I use AddressBook in Netscape with Port: 636
> I have an error and no result
>
> The debug output of slapd is like this:
>
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: activity on 1 descriptors
> daemon: activity on: 9r
> daemon: read activity on 9
> connection_get(9): got connid=2
> connection_read(9): checking for input on id=2
> TLS trace: SSL3 alert read:fatal:bad certificate
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
> certificate s3_pkt.c:1031
> connection_read(9): TLS accept error error=-1 id=2, closing
> connection_closing: readying conn=2 sd=9 for close
>
> Have you an idea?
> Thanks
>
>
>
>
--
Mark Johnson
markj@gilanet.com
office: (505)534-4099
mobile: (505)590-1152
home: (505)388-3840
address: POBox 53145, Pinos Altos, NM 88053-3145
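
An added diagnostic example, not part of the original thread: a small Python parser for the slapd TLS trace quoted above that reports which side sent the alert before each failed accept. In these traces `alert read` means slapd received the alert from the peer and `alert write` means slapd sent it; the function names, hint wording, and embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the trace lines quoted in the message above.
SAMPLE = """\
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(9): TLS accept error error=-1 id=2, closing
"""

ALERT = re.compile(r"TLS trace: SSL3 alert (read|write):(warning|fatal):(.+)$")
CLOSE = re.compile(r"connection_read\(\d+\): TLS accept error error=(-?\d+) id=(\d+)")

def hint(alert):
    """Map the last alert seen to a first thing to check (hypothetical wording)."""
    if alert is None:
        return "no alert logged; check for a dropped connection or protocol mismatch"
    if "certificate" in alert["description"]:
        if alert["sender"] == "client":
            return ("client rejected the server certificate; inspect the "
                    "certificate slapd presents and the client's trusted CAs")
        return ("slapd rejected the client certificate; check "
                "TLSCACertificateFile and TLSVerifyClient")
    return "see alert description"

def classify(log_text):
    """Return one finding per failed TLS accept, with the alert that preceded it."""
    findings, last_alert = [], None
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted input
        m = ALERT.search(line)
        if m:
            direction, level, desc = m.groups()
            # "read" = alert received from the peer; "write" = alert slapd sent
            sender = "client" if direction == "read" else "server"
            last_alert = {"sender": sender, "level": level,
                          "description": desc.strip()}
            continue
        m = CLOSE.search(line)
        if m:
            findings.append({"conn_id": int(m.group(2)), "alert": last_alert,
                             "hint": hint(last_alert)})
            last_alert = None
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE):
        print(finding)
```

For the quoted trace this reports that the client sent the fatal alert, so the rejection happened on the Netscape side rather than inside slapd.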