TLS client certificate pb
Hello all
I am asking for your help again. I am trying to get TLS with a client
certificate working, but it doesn't.
I generated a client certificate (signed by the CA) that I put in ~/ssl
This certificate is valid:
[francois@linux-integ francois]$ openssl verify -CAfile \
/demoCA/cacert.pem ssl/cert.pem
ssl/cert.pem: OK
In ~/.ldaprc I put:
TLS_CACERT /demoCA/cacert.pem
TLS_CERT ~/ssl/cert.pem
TLS_KEY ~/ssl/privkey.pem
I also have in ldap.conf:
HOST linux-integ.enatel.local
But:
[francois@linux-integ francois]$ ldapsearch -ZZ -x
ldap_start_tls: Connect error (91)
I tried this to get more info:
[francois@linux-integ francois]# openssl s_client -cert ssl/cert.pem \
-key ssl/privkey.pem -CAfile /demoCA/cacert.pem -connect \
linux-integ.enatel.local:389 -tls1
Enter PEM pass phrase:
CONNECTED(00000003)
1786:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:490:
What do you think is going wrong?
Many thanks in advance
François Beretti