[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP 2.1.3 TLS: self signed certificate



Not really finding the answer to this in the archives, so...

I have a server certificate I've signed with my CA certificate, everything
stored in PEM format.  The certs work OK on my Apache mod_ssl server.

I've added the configuration:
TLSCertificateFile      /opt/ldap/etc/denverops.quris.net.crt.pem
TLSCertificateKeyFile   /opt/ldap/etc/denverops.quris.net.key.pem
TLSCACertificateFile    /opt/apache/conf/ssl.crt/cacert.pem
TLSVerifyClient         never

Running slurpd in debug mode, ultimately I see:
TLS certificate verification: depth: 1, err: 19, subject:
/Email=sysadmin@quris.com/CN=Quris, Inc. Certificate Authority/O=Quris,
Inc./C=US/L=Denver, issuer: /Email=sysadmin@quris.com/CN=Quris, Inc.
Certificate Authority/O=Quris, Inc./C=US/L=Denver
TLS certificate verification: Error, self signed certificate in
certificate chain

What's wrong with a self-signed certificate?
Thanks for any hints.

===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>