[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SSL3 alert write:fatal:unknown CA

To: Kent Soper <dksoper@us.ibm.com>, Pierre Burri <pierre@globeall.de>
Subject: Re: SSL3 alert write:fatal:unknown CA
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 26 Jun 2003 14:48:42 -0700
Cc: OpenLDAP <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <OF25DF106C.AF806427-ON87256D51.0075612D-86256D51.007600A2@us.ibm.com>
References: <OF25DF106C.AF806427-ON87256D51.0075612D-86256D51.007600A2@us.ib m.com>

--On Thursday, June 26, 2003 4:30 PM -0500 Kent Soper <dksoper@us.ibm.com> wrote:

Pierre Burri wrote:

Hi Kent,
I looked in your excellent Document OpenLDAP_TLS_howto, also because

Quanah

Gibson-Mount mentioned it.

In Chapter 7 Using TLS you give the following example:

ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
'(objectclass=*)' -H ldaps://myserver.com -W -ZZ

I thought TLS was working on port 389 and only SSL was using ldaps://
If that's true the command would be:

ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
'(objectclass=*)' -h myserver.com -W -ZZ

Pierre


Good catch Pierre!

The command needs to have "ldap://"; instead of "ldaps://".  Using ldaps://
with "-ZZ" will not enable a connection to the server.

I still prefer "-H <uri>" over "-h <host>" because the latter is
deprecated.

The doc is new and probably has a few more errors so I'll wait before
updating the document.  Thanks for catching it and thanks for the great
comment!


Right, kind of ignore my reply.

But, you could have it be ldaps:// and get rid of the -ZZ.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Re: SSL3 alert write:fatal:unknown CA
  - From: Kent Soper <dksoper@us.ibm.com>

Prev by Date: Re: SSL3 alert write:fatal:unknown CA
Next by Date: Re: referral and performance
Index(es):
- Chronological
- Thread