OpenLDAP 2.1.3 TLS: self signed certificate



Not really finding the answer to this in the archives, so...

I have a server certificate I've signed with my CA certificate, everything
stored in PEM format.  The certs work OK on my Apache mod_ssl server.

I've added the configuration:
TLSCertificateFile      /opt/ldap/etc/denverops.quris.net.crt.pem
TLSCertificateKeyFile   /opt/ldap/etc/denverops.quris.net.key.pem
TLSCACertificateFile    /opt/apache/conf/ssl.crt/cacert.pem
TLSVerifyClient         never

Running slurpd in debug mode, ultimately I see:
TLS certificate verification: depth: 1, err: 19, subject:
/Email=sysadmin@quris.com/CN=Quris, Inc. Certificate Authority/O=Quris,
Inc./C=US/L=Denver, issuer: /Email=sysadmin@quris.com/CN=Quris, Inc.
Certificate Authority/O=Quris, Inc./C=US/L=Denver
TLS certificate verification: Error, self signed certificate in
certificate chain

What's wrong with a self-signed certificate?
Thanks for any hints.

===========
Alan Sparks, UNIX/Linux Systems Administrator
<asparks@doublesparks.net>
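
Added example, not part of the original post: a reproduction with the openssl command line of the verification result quoted above (err 19 at depth 1). The CA subject, host name and file names are constructed for the demo. It shows that OpenSSL reports error 19 when the presented chain ends in a self-signed root that is not in the verifier's own trusted CA file, and that the same chain validates once that root is supplied as trusted.

```shell
#!/bin/sh
# Added demo: every name below (CA subject, host name, file names) is constructed.

# Create a throwaway root CA and a server certificate signed by it in directory $1.
make_demo_pki() {
  d=$1
  # Minimal request config so the demo does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    'x509_extensions = v3_ca' '[dn]' 'CN = placeholder' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"
  # Self-signed root CA.
  openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj '/CN=Example Demo CA' \
    -keyout "$d/ca.key.pem" -out "$d/ca.crt.pem" 2>/dev/null || return 1
  # Server key and signing request.
  openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=ldap.example.test' \
    -keyout "$d/srv.key.pem" -out "$d/srv.csr.pem" 2>/dev/null || return 1
  # Server certificate issued by the demo CA.
  openssl x509 -req -in "$d/srv.csr.pem" -days 1 \
    -CA "$d/ca.crt.pem" -CAkey "$d/ca.key.pem" -CAcreateserial \
    -out "$d/srv.crt.pem" 2>/dev/null || return 1
}

# Verify leaf $1 against the chain the peer presents ($2, untrusted) and an
# optional trusted CA file ($3). Prints "0" on success, else "<err>@<depth>".
verify_result() {
  leaf=$1; sent=$2; trusted=${3:-}
  if out=$(openssl verify ${trusted:+-CAfile "$trusted"} \
             -untrusted "$sent" "$leaf" 2>&1); then
    echo 0
  else
    printf '%s\n' "$out" |
      sed -n 's/.*error \([0-9][0-9]*\) at \([0-9][0-9]*\) depth.*/\1@\2/p' |
      head -n 1
  fi
}

demo=$(mktemp -d)
make_demo_pki "$demo" || { echo "openssl failed" >&2; exit 1; }
echo "root only presented by peer:  $(verify_result "$demo/srv.crt.pem" "$demo/ca.crt.pem")"
echo "root also in trusted CA file: $(verify_result "$demo/srv.crt.pem" "$demo/ca.crt.pem" "$demo/ca.crt.pem")"
rm -rf "$demo"
```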