
Re: Using TLS/SSL with openldap 2.1.2



Peter,

I tried using the FQDN=aptrain.comneti.com as well as just the
HOSTNAME=aptrain. But I get the same error. I don't know why slapd is
complaining about the client certificate since I have set TLSVerifyClient=never
(that is also the default).

Thank you for the suggestion, I will keep trying. If you find anything please
let me know.

regards,
dinesh

"Peter A. Savitch" wrote:

> Hello Dinesh,
>
> Wednesday, July 17, 2002, 10:58:26 PM, you wrote:
>
> DS> TLS certificate verification: depth: 1, err: 0, subject: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
> DS> TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=ILLINOIS/O=Comnet Int/OU=SUP/CN=aptrain/Email=dvs@comneti.com, issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/Email=dvs@comneti.com
>
> DS> ldap.conf
> DS> host aptrain.comneti.com
>
> DS> Are there any options that are missing? I was able to use the openssl
> DS> s_server and s_client to talk using the certificates in the slapd.conf.
>
> Maybe you have misspelled the host name in the server certificate.
> Try either to use the full host name in the server certificate, or the
> unqualified host name with the client. This does make sense for SSL as far as I know.
>
> --
> Best regards,
>  Peter                            mailto:spam4octan@highway.ru
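
The name comparison Peter's suggestion refers to, as an added example that is not part of the thread and not OpenLDAP's own code: it parses the quoted depth 0 log line and compares its CN with the two host names tried. The helper names, the simplified matching rule, and the reading of the depth 0 subject as the server certificate are assumptions.

```python
import re

# Depth 0 line from the thread, with the mail client's line wraps re-joined.
LOG_LINE = (
    "TLS certificate verification: depth: 0, err: 0, subject: "
    "/C=US/ST=ILLINOIS/O=Comnet Int/OU=SUP/CN=aptrain/Email=dvs@comneti.com, "
    "issuer: /C=US/ST=ILLINOIS/L=Lisle/O=Comnet Int/OU=SUPPORT/CN=aptrain/"
    "Email=dvs@comneti.com"
)

def parse_dn(dn):
    """Split an OpenSSL one-line DN (/K=V/K=V) into a dict.
    Assumes no '/' inside attribute values, which holds for the thread's DNs."""
    return dict(part.split("=", 1) for part in dn.strip("/").split("/"))

def parse_verification_line(line):
    """Return (depth, subject, issuer) from a 'TLS certificate verification' line."""
    m = re.search(r"depth: (\d+), err: \d+, subject: (/.*?), issuer: (/.*)$", line)
    if not m:
        raise ValueError("not a TLS certificate verification line")
    return int(m.group(1)), parse_dn(m.group(2)), parse_dn(m.group(3))

def cn_matches(cn, host):
    """Simplified check (assumption, not libldap's code): case-insensitive
    exact match, or a leading '*.' wildcard covering exactly one label."""
    cn, host = cn.lower().rstrip("."), host.lower().rstrip(".")
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return cn == host

def check_hosts(line, hosts):
    """Map each candidate client host name to whether the leaf CN matches it."""
    depth, subject, _ = parse_verification_line(line)
    if depth != 0:
        raise ValueError("name check applies to the depth 0 (leaf) certificate")
    return {h: cn_matches(subject["CN"], h) for h in hosts}

if __name__ == "__main__":
    # "aptrain.comneti.com" is the ldap.conf host value; "aptrain" is the short name.
    for host, ok in check_hosts(LOG_LINE, ["aptrain.comneti.com", "aptrain"]).items():
        print(f"{host:22} {'matches' if ok else 'does NOT match'} CN")
```
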