[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: unknown CA

To: "'thierryW'" <thierryw@libertysurf.fr>, Howard Chu <hyc@highlandsun.com>
Subject: AW: unknown CA
From: Tarassov Vadim <Vadim.Tarassov@winterthur.ch>
Date: Mon, 17 Jun 2002 13:09:51 +0200
Cc: openldap-software@OpenLDAP.org

May be adding of something similar to TLS_CERT and TLS_KEY to ldap.conf will help?

regards, vadim tarassov.

-----Ursprüngliche Nachricht-----
Von: thierryW [mailto:thierryw@libertysurf.fr]
Gesendet am: Montag, 17. Juni 2002 12:16
An: Howard Chu
Cc: openldap-software@OpenLDAP.org
Betreff: Re: unknown CA

ThierryW wrote :
I was having the same error (unknown CA), like you write i put
TLS_CACERT /usr/local/openldap/etc/certs/CA_pubkey.pem) in ldap.conf but 
now i get a new error :
connection_read(14): unable to get TLS client DN error=49 id=6
then it bind anonymous..?
thierryW


Howard Chu wrote:
> I have just this afternoon committed the support for the TLSCACertPath.
> If you pull the latest version of libldap/tls.c from CVS you'll get it.
> (But in general, you are of course welcome to fix/write anything you wish.)
> 
> As for the unknown CA problem, you need to configure your LDAP clients to
> use the certs as well. It looks like you have only configured slapd so far.
> 
> You probably need to add this
> 	TLS_CACERT /usr/local/openldap/etc/certs/CA_pubkey.pem)
> to your /usr/local/openldap/etc/ldap.conf file.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support 
> 
> 
>>-----Original Message-----
>>From: Tarassov Vadim [mailto:Vadim.Tarassov@winterthur.ch]
>>Sent: Friday, June 14, 2002 4:31 AM
>>To: 'Howard Chu'; Tarassov Vadim; OpenLDAP-software@OpenLDAP.org
>>Subject: AW: unknown CA
>>
>>
>>Hallo Howard,
>>
>>Do you mind if I will fix it? And look, I believe there is 
>>something wrong with
>>
>>openldap 2.1.2, openssl 1.9.6d 
>>
>>if build together on solaris 2.6 with forte 6 update 1. I was 
>>struggling few hours with those fancy error messages I've 
>>described before, but could not find anything besides of the fact 
>>that s_client and s_server do work well with the same 
>>certificates. Thus, I will have to investigate this problem. I 
>>will inform you regardless to if I will have success or not.
>>
>>Cheers, Vadim Tarassov.
> 
> 
>

Prev by Date: RE: unknown CA
Next by Date: RE: {KERBEROS} userPasswords
Index(es):
- Chronological
- Thread