ldap_start_tls: Can't contact LDAP server (81)
Hello all
I'm trying to use TLS, but I get an error when testing with
[root@linux-integ /]# ldapsearch -ZZ
ldap_start_tls: Can't contact LDAP server (81)
I have generated, with openssl, a CA environment, and a
server certificate signed by the CA,
with the following commands (Linux RH 8.0):
$ cd /
$ /usr/share/ssl/misc/CA -newca
$ openssl req -new > new.cert.csr
$ openssl rsa -in privkey.pem -out new.cert.key
$ cat privkey.pem > newreq.pem
$ cat new.cert.csr >> newreq.pem
$ /usr/share/ssl/misc/CA -signreq
The server certificate is valid:
$ openssl verify -CAfile /demoCA/cacert.pem /newcert.pem
/newcert.pem: OK
I put these lines in slapd.conf:
TLSCertificateFile /newcert.pem
TLSCertificateKeyFile /new.cert.key
TLSCACertificateFile /demoCA/cacert.pem
TLSVerifyClient never
I put these lines in ldap.conf:
HOST linux-integ.enatel.local
(I did use this hostname when I created the server certificate)
ssl start tls
TLS hard
TLS CACERT /demoCA/cacert.pem
but when I try to test the communication:
[root@linux-integ /]# ldapsearch -ZZ
ldap_start_tls: Can't contact LDAP server (81)
and if I put "TLS never" instead of "TLS hard" in ldap.conf I get:
[root@linux-integ /]# ldapsearch -ZZ
ldap_start_tls: Connect error (91)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I think this is not an OpenSSL problem, since my certificate is valid and the key isn't encrypted.
What is wrong?
Any help would be very useful to me.
Thx
Francois Beretti
PS: I use OpenLDAP 2.1.12 RPMs made by Jehan Procaccia, on a Linux Red Hat 8.0 station, with openssl 0.9.6b-29 (default Red Hat RPM)
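Before pointing slapd and ldap.conf at certificate files, the checks below confirm the four things that most often lie behind a "certificate verify failed" on the client: the key belongs to the certificate, the key is unencrypted, the certificate verifies against the CA file, and the subject names the host the client connects to. This script is added here as an example and is not part of the original message; the file paths and hostname default to the ones used in the post and the environment-variable overrides are an assumption of the script.

```shell
#!/bin/sh
# Pre-flight checks for an OpenLDAP TLS setup (added example; paths default
# to the ones used in the post and can be overridden via the environment).
CERT="${CERT:-/newcert.pem}"
KEY="${KEY:-/new.cert.key}"
CA="${CA:-/demoCA/cacert.pem}"
HOST="${HOST:-linux-integ.enatel.local}"

# The private key must belong to the certificate: compare the RSA moduli.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    k=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# slapd cannot prompt for a passphrase, so the key file must not be encrypted
# (both "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY" forms).
key_is_unencrypted() {
    ! grep -q ENCRYPTED "$1"
}

# The certificate must verify against the CA file the client will trust.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# The subject CN or a SAN must carry the name the client connects to; a
# mismatch is one cause of "certificate verify failed" on the client side.
cert_matches_host() {
    openssl x509 -noout -text -in "$1" 2>/dev/null | grep -qF "$2"
}

# Runs every check against cert, key, CA file and hostname; non-zero on failure.
check_tls_files() {
    rc=0
    key_matches_cert "$1" "$2"  && echo "ok: key matches certificate"  || { echo "FAIL: key/cert mismatch"; rc=1; }
    key_is_unencrypted "$2"     && echo "ok: key is unencrypted"       || { echo "FAIL: key is encrypted"; rc=1; }
    cert_chains_to_ca "$1" "$3" && echo "ok: certificate chains to CA" || { echo "FAIL: verify against CA failed"; rc=1; }
    cert_matches_host "$1" "$4" && echo "ok: certificate names $4"     || { echo "FAIL: $4 not in certificate"; rc=1; }
    return $rc
}

# Only run automatically when the certificate file is actually present.
if [ -f "$CERT" ]; then
    check_tls_files "$CERT" "$KEY" "$CA" "$HOST"
fi
```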