[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: TLS headache
Paolo Marini wrote:
Does your cert7.db know about your CA?
What does it mean ? what is cert7.db ?
Thank you
Paolo
My apologies - cert7.db is a Netscape db used with ssl (port 636).
The significant line in the output is surely this:
TLS trace: SSL3 alert write:fatal:unknown CA
which means that the client does not know about the signing authority.
Two things to try:
1) In slapd.conf try changing
TLSCipherSuite HIGH:MEDIUM:+SSLv2:
to
TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA:+TLSv1
2) From the client
/path/to/openssl s_client -connect <server name as in CN of cert>:636
-CApath /path/to/directory/containing/CAcert
Dave
--
Dave Lewney
Principal Systems Programmer, Computing Service
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956