
Re: TLS headache



Paolo Marini wrote:
> Does your cert7.db know about your CA?
> What does it mean? What is cert7.db?
>
> Thank you
>
> Paolo

My apologies - cert7.db is a Netscape db used with SSL (port 636). The significant line in the output is surely this:

TLS trace: SSL3 alert write:fatal:unknown CA

which means that the client does not know about the signing authority.
Two things to try:

1) In slapd.conf try changing
TLSCipherSuite HIGH:MEDIUM:+SSLv2:
to
TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA:+TLSv1

2) From the client

/path/to/openssl s_client -connect <server name as in CN of cert>:636 -CApath /path/to/directory/containing/CAcert

Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956
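
Added example, not part of the original message: an offline reproduction of the condition behind the "unknown CA" alert, using `openssl verify` with the same `-CApath` option as the `s_client` test above. It also shows that a `-CApath` directory is only searched by subject-hash file names. The CA and server subjects, file names and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Names and subjects are constructed.

make_pki() {  # $1 = work dir: build a throwaway CA and a server cert signed by it
    mkdir -p "$1/ca" "$1/empty"
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" -keyout "$1/ca.key" -out "$1/ca/cacert.pem" 2>/dev/null
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca/cacert.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

check() {  # $1 = CA directory, $2 = certificate: prints "ok" or "fail"
    if openssl verify -CApath "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

demo() {  # prints the three verification results on one line
    d=$(mktemp -d) || return 1
    make_pki "$d"
    r1=$(check "$d/empty" "$d/srv.pem")      # CA absent: the "unknown CA" condition
    r2=$(check "$d/ca" "$d/srv.pem")         # CA file present but not hash-named
    h=$(openssl x509 -hash -noout -in "$d/ca/cacert.pem")
    ln -s cacert.pem "$d/ca/$h.0"            # the name -CApath actually looks up
    r3=$(check "$d/ca" "$d/srv.pem")
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo   # expected: fail fail ok
```

If the second case is what you are hitting, the CA certificate is in the directory but the client still cannot find it until the hash-named link exists.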