
OpenLDAP, OpenSSL, TLS trace: SSL_accept:error in SSLv3 read client certificate A



Dear All,

I have OpenLDAP and OpenSSL on SunOS. If I query using ldapsearch -Z, it works
fine. But if I query from a VB application (Windows-based client), then it
fails. I get the following error:
connection_get(14): got connid=1
connection_read(14): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(14): got connid=1
connection_read(14): checking for input on id=1
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(14): TLS accept error error=-1 id=1, closing
connection_closing: readying conn=1 sd=14 for close
connection_close: conn=1 sd=14

Before this I had queried the server using Internet Explorer and Netscape.
Both browsers showed me a message asking whether to install the
certificate, to which I said yes. I can see the certificate is installed on
the Windows-based client. I don't understand why the query fails from the VB
application.

Or is it that the certificate installed from Internet Explorer and
Netscape is just a copy of the server certificate, whereas my OpenLDAP is
asking for a client-side certificate too? If that is the case, then what
should I do next?
1. How do I create and export a client-side certificate?
2. How do I install a client-side certificate on a Windows-based machine?

Environment: sunos, cds symas binaries, windows 2000 client, adsi, vb.

Please reply. Thanks.

Regards
Pravin Joshi
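
An added example, not part of the original post: a small Python parser for the slapd TLS trace quoted above that lists the handshake states reached and checks whether the server sent a certificate request. It assumes OpenSSL logs that step as "SSLv3 write certificate request A"; the function name summarize is hypothetical.

```python
import re

# TLS portion of the slapd debug trace quoted in the post above.
TRACE = """\
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(14): got connid=1
connection_read(14): checking for input on id=1
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(14): TLS accept error error=-1 id=1, closing
"""

# Optional "error in"/"failed in" prefix, then the OpenSSL state string.
STATE_RE = re.compile(r"^TLS trace: SSL_accept:(?:(error|failed) in )?(.+)$")
# Assumption: OpenSSL's state string for a server sending CertificateRequest.
CERT_REQUEST = "SSLv3 write certificate request A"


def summarize(trace):
    """Return the states reached, the failing state, and whether a client cert was requested."""
    states, failed_in = [], None
    for line in trace.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # not a TLS state line (connection_* messages etc.)
        outcome, state = m.groups()
        if outcome == "failed":
            failed_in = state  # "error in" lines are ignored here
        elif outcome is None and state not in states:
            states.append(state)
    return {
        "states": states,
        "cert_requested": CERT_REQUEST in states,
        "failed_in": failed_in,
        "accept_failed": "TLS: can't accept." in trace,
    }


if __name__ == "__main__":
    print(summarize(TRACE))
```

For the trace in the post, this reports no certificate request from the server, with the failure recorded in the state the server enters after "write server done".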