Re: Tls/ssl issue
See original note below.
Hi Cody,
I'm sending this off-list, hope you don't mind. I was just wondering if
you were able to get past the TLS/SSL problem using the help me and others
provided.
Cheers,
Kent Soper
"You don't stop playing because you grow old ...
you grow old because you stop playing."
Linux Technology Center, Linux Security
tie line: 678-9216
external: 1-512-838-9216
e-mail: dksoper@us.ibm.com
"cody wang" <codywang@clunet.edu>
Sent by: owner-openldap-software@OpenLDAP.org
08/11/2003 04:07 PM
To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
cc:
Subject: Tls/ssl issue
Hi,
I just finished the tls/ssl, but the test failed. Client and server
are on the same machine. I did not see any error message during the
issue CA server/client process.
[root@accounts openldap]# openssl s_client -connect localhost:636 -showcerts
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Thousand Oaks/O=California Lutheran University/OU=ISS/CN=accounts.clunet.edu/emailAddress=codywang@clunet.edu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Thousand Oaks/O=California Lutheran University/OU=ISS/CN=accounts.clunet.edu/emailAddress=codywang@clunet.edu
verify error:num=21:unable to verify the first certificate
verify return:1
11712:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1037:SSL alert number 40
11712:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
In slapd.conf
##SSL/TLS options for slapd
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem
TLSVerifyClient demand
In ldap.conf
TLS_CACERT /usr/local/etc/openldap/cacert.pem
TLS_REQCERT demand
Cody Wang