[Date Prev][Date Next] [Chronological] [Thread] [Top]

[seeking help] unknown CA

To: openldap-software@OpenLDAP.org
Subject: [seeking help] unknown CA
From: Ben Kim <bkim@edsun.coe.tamu.edu>
Date: Fri, 26 Sep 2003 12:06:26 -0500 (CDT)

Hi,
I have a php script authenticating user against an ldap server (not under
my control) which I know has no problem.
But when I use it on my newly compiled server, it cannot bind with ldaps
protocol. Packet traces show the following exchange.
- client: Client Hello
- server: Server Hello, Certificate, Server Hello Done
- client: Alert (Level: Fatal, Description: Unknown CA)

On google, it seems to be one of the standard error strings: 
"   "CA"/"unknown CA"
          A valid certificate chain or partial chain was received, but
the certificate was not accepted because the CA certificate could not be
located or couldn't be matched with a known, trusted CA. This message
is always fatal."

My question is, how can I fix this problem? I checked the configuration of
another machine on which this script works perfectly, but cannot easily
find the difference.

Any insight would be appreciated.

Thanks.
Ben

Follow-Ups:
- [seeking help] unknown CA - p.s.
  - From: Ben Kim <bkim@edsun.coe.tamu.edu>
- Re: [seeking help] unknown CA
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: error when make test
Next by Date: tls authentication : certificate dn to directory dn mapping
Index(es):
- Chronological
- Thread