
SSL3 alert write:fatal:unknown CA



Hi,

I'm trying to set up an LDAP server over SSL (it works already very well without 
SSL)
 
I'm using Debian Sid, package slapd, version 2.1.17-3, LDAPv3

I made a certificate, the common name is the FQDN of the host: sun.stars.priv
the command:

ldapsearch -H ldaps://sun.stars.priv -b "dc=stars,dc=priv" -d7

gives me the following result:

TLS certificate verification: depth: 0, err: 18, subject: 
/C=DE/ST=Berlin/L=Berlin/O=linux-age/OU=LDAP-Server/CN=sun.stars.priv/Email=certificate@sun.stars.priv, 
issuer: 
/C=DE/ST=Berlin/L=Berlin/O=linux-age/OU=LDAP-Server/CN=sun.stars.priv/Email=certificate@sun.stars.priv
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

What can I do that clients from other hosts than "sun" recognize my self made 
certificate?

On the server "sun", I put TLS_CACERT /etc/ldap/server.pem in file 
/etc/ldap/ldap.conf which removes the problem, but of course only on the 
server.
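The failure in the trace above is the client rejecting a certificate whose issuer is itself (X509 error 18, "self signed certificate") because nothing on the client names that certificate as a trust anchor; TLS_CACERT does exactly that. The script below is an added example, not part of the post, that reproduces the same check with the openssl CLI: it generates a throwaway self-signed certificate for sun.stars.priv, verifies it once with no CA configured (error 18, as in the ldapsearch output) and once with the certificate itself supplied as the CA file (verification OK). The directory under $TMPDIR, the key and certificate files, and the O=linux-age subject are constructed here; the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.
# Shows why a client without TLS_CACERT rejects a self-signed server certificate
# and why pointing the client at a copy of that certificate makes it trust it.

WORKDIR="${TMPDIR:-/tmp}/selfsigned-demo.$$"   # constructed scratch directory

make_self_signed_cert() {
    # Generate a throwaway self-signed certificate whose CN is the server FQDN.
    # sun.stars.priv and O=linux-age come from the post; the key is generated here.
    mkdir -p "$WORKDIR"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/O=linux-age/CN=sun.stars.priv" \
        -keyout "$WORKDIR/server.key" -out "$WORKDIR/server.pem" >/dev/null 2>&1
}

verify_without_ca() {
    # A client with no TLS_CACERT: only the default CA store is consulted, and the
    # self-signed certificate is not in it. openssl reports X509 error 18 at depth 0,
    # the same "err: 18 ... self signed certificate" seen in the ldapsearch trace.
    # Returns 0 when that specific error is reported.
    out=$(openssl verify "$WORKDIR/server.pem" 2>&1)
    echo "$out"
    printf '%s\n' "$out" | grep -q 'error 18 at 0 depth'
}

verify_with_ca() {
    # A client with TLS_CACERT pointing at a copy of server.pem: the self-signed
    # certificate is now the trust anchor, so the chain verifies.
    # Returns 0 when openssl prints "<file>: OK".
    out=$(openssl verify -CAfile "$WORKDIR/server.pem" "$WORKDIR/server.pem" 2>&1)
    echo "$out"
    printf '%s\n' "$out" | grep -q ': OK$'
}

cleanup_demo() {
    rm -rf "$WORKDIR"
}

# Demonstration when run directly.
make_self_signed_cert
echo "--- no CA configured (what the remote ldapsearch client saw) ---"
verify_without_ca || true
echo "--- CA file supplied (what TLS_CACERT /etc/ldap/server.pem does) ---"
verify_with_ca
cleanup_demo
```

The second check is what TLS_CACERT reproduces on every client: copy server.pem (the certificate only, not the private key) to each client host and reference it from that host's ldap.conf. The trust anchor is only half of the verification, though; the client also compares the certificate's CN against the hostname it connected with, so the CN must stay the FQDN (sun.stars.priv) and clients must use that name in the ldaps:// URI rather than an alias or IP address.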