Hi,
I'm trying to set up an LDAP server over SSL (it already works very well
without SSL).
I'm using Debian Sid, package slapd, version 2.1.17-3, LDAPv3
I made a certificate; the common name is the FQDN of the host:
sun.stars.priv. The command:
ldapsearch -H ldaps://sun.stars.priv -b "dc=stars,dc=priv" -d7
gives me the following result:
TLS certificate verification: depth: 0, err: 18, subject:
/C=DE/ST=Berlin/L=Berlin/O=linux-age/OU=LDAP-Server/CN=sun.stars.priv/Email=certificate@sun.stars.priv, issuer:
/C=DE/ST=Berlin/L=Berlin/O=linux-age/OU=LDAP-Server/CN=sun.stars.priv/Email=certificate@sun.stars.priv
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
What can I do so that clients on hosts other than "sun" recognize my
self-made certificate?
On the server "sun", I put TLS_CACERT /etc/ldap/server.pem in the file
/etc/ldap/ldap.conf, which removes the problem, but of course only on the
server.
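The fix the poster found on "sun" is the same one every client needs: the self-signed certificate is its own issuer, so each client host must be given a copy of it and told to use it as its CA via TLS_CACERT. The script below is an added example, not code from the original mail or from the OpenLDAP project. It assumes the certificate has been copied to /etc/ldap/sun-ca.pem on the client and that the client's system-wide OpenLDAP settings live in /etc/ldap/ldap.conf (the Debian default); both paths and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): make an OpenLDAP client on
# another host trust the self-signed certificate of sun.stars.priv.
# Assumed paths (not in the original): the cert is copied to
# /etc/ldap/sun-ca.pem on the client; the client config is /etc/ldap/ldap.conf.
set -eu

# Step 1 (on the client, needs network; shown as a comment):
#   scp root@sun.stars.priv:/etc/ldap/server.pem /etc/ldap/sun-ca.pem
# A self-signed certificate is its own issuer, so the same file serves as
# the CA bundle the client verifies against. Compare its fingerprint with
# the one printed on the server before trusting it:
#   openssl x509 -in /etc/ldap/sun-ca.pem -noout -fingerprint -sha256

# Step 2: point the client at that CA and keep verification mandatory.
# "demand" is already the OpenLDAP client default; it is written out so
# nobody later relaxes it to "allow" or "never", which disables checking.
write_client_conf() {
    conf="$1"; cacert="$2"
    # Drop any earlier TLS_CACERT / TLS_REQCERT lines, keep everything else.
    if [ -f "$conf" ]; then
        grep -v -E '^[[:space:]]*TLS_(CACERT|REQCERT)[[:space:]]' "$conf" > "$conf.tmp" || true
    else
        : > "$conf.tmp"
    fi
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$cacert" >> "$conf.tmp"
    mv "$conf.tmp" "$conf"
}

# Step 3: check the result before trying ldapsearch. Succeeds only when the
# config names a readable CA file and still requires a valid certificate.
client_conf_ok() {
    conf="$1"
    cacert=$(awk '$1 == "TLS_CACERT" { f = $2 } END { print f }' "$conf")
    reqcert=$(awk '$1 == "TLS_REQCERT" { r = $2 } END { print r }' "$conf")
    [ -n "$cacert" ] && [ -r "$cacert" ] && [ "$reqcert" = "demand" ]
}

# Step 4 (on the client, needs the server): repeat the search from the post.
#   ldapsearch -H ldaps://sun.stars.priv -b "dc=stars,dc=priv" -d7
# The CN in the certificate (sun.stars.priv) must match the host name in the
# URI, so connect by that name, not by IP address or a short alias.

# Apply to the real files only when asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    write_client_conf /etc/ldap/ldap.conf /etc/ldap/sun-ca.pem
    client_conf_ok /etc/ldap/ldap.conf && echo "client TLS config OK"
fi
```

The same setting can be given per user in ~/.ldaprc or through the LDAPTLS_CACERT environment variable, which is handy for testing from a non-root account. Once there are more than one or two clients, the cleaner design is a small private CA that signs the server certificate, so only the CA certificate has to be distributed and the server certificate can be rotated without touching every client.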