
Re: [Fwd: RE: LDAPS: What am I doing wrong?]



Brian,

The verify error you are getting is because the server certificate has to be
signed by a root CA (which is a self signed certificate). Unless this
certificate chain is verified by the client you will get an error. The link
which was mentioned in Mr Howard's mail should help you generate a root CA and
use that to sign the server certificate.
Refer to the OpenLDAP administrator guide (this has been updated with TLS
configuration information).
You can also refer to this link if you have any further questions regarding the
general procedures for generating certificates:

http://www.binarytool.com/docs/ssl-cert-HOWTO.html

dinesh



Brian wrote:

> Whoops.  Forgot to Cc: to the list.
>
> -----Forwarded Message-----
>
> From: Brian <brianb@sboss.net>
> To: Howard Chu <hyc@symas.com>
> Subject: RE: LDAPS:  What am I doing wrong?
> Date: 12 Sep 2002 15:56:29 -0400
>
> On Thu, 2002-09-12 at 15:51, Howard Chu wrote:
>
> > > I created a self-signed certificate (making sure to use my FQDN):
> > > openssl req -new -x509 -nodes -out slapd.pem -keyout slapd.pem -days 365
> > > I checked to see if the certificate was valid:
> >
> > What part of "verify error" makes you think your certificate is valid?
>
> Fair enough (though I did say "I know I must be doing something blatantly
> stupid"), though now that we've established that would you mind telling
> me how I fix it?
>
> --
> Brian
> --
> Brian
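
The procedure described in the reply above (a root CA that signs the server certificate, with the client verifying the chain against that CA), as an added example that is not part of the original thread. The CA name, the host name ldap.example.com and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed names: "Example Root CA",
# ldap.example.com, and the file names under the work directory.

# Create a root CA in $1 and use it to sign a server certificate for FQDN $2.
make_ca_and_server_cert() {
    dir=$1; fqdn=$2
    # 1. Root CA: a self-signed certificate, same form as the command in the thread.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Server key and signing request; the CN is the server's FQDN.
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$fqdn" \
        -keyout "$dir/slapd.key" -out "$dir/slapd.csr" 2>/dev/null || return 1
    # 3. Current TLS clients match the host name against subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$dir/san.ext"
    # 4. The CA signs the request, producing the server certificate.
    openssl x509 -req -days 365 -in "$dir/slapd.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/slapd.pem" 2>/dev/null || return 1
}

# Succeeds only if certificate $2 chains to the trusted CA file $1.
verify_with_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print subject and issuer: they differ for a CA-signed certificate.
show_names() {
    openssl x509 -in "$1" -noout -subject -issuer
}

work=$(mktemp -d)
make_ca_and_server_cert "$work" ldap.example.com || exit 1
show_names "$work/slapd.pem"
if verify_with_ca "$work/ca.pem" "$work/slapd.pem"; then
    echo "slapd.pem verifies against ca.pem"
fi
```

The client only accepts the server certificate once it trusts ca.pem; for OpenLDAP clients that means pointing TLS_CACERT in ldap.conf at the CA file, while ca.key stays off the LDAP server.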