TLS certificate verification: Error, self signed certificate
I'm working with openldap 2.1.23 on Sparc Solaris 9 systems. I have
set up an LDAP server and replica. I have loaded the database using
PADL's scripts. Now I'm trying to get tls working. I have created
certificates and keys on the ldap server and verified them with openssl.
I copied them to the replica system as well. I have added the TLS lines
to the slapd.conf file and the ldap.conf file. When I test using
ldapsearch on the ldap server I get the following error:
/usr/local/bin/ldapsearch -d -1 -x -ZZ -b 'dc=highley-recommended,,dc=com' '(objectclass=*)'
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (91)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
So can we use self signed certificates? Do we need to generate
certificates and keys for the replica? What about clients?
--
Regards,
David Highley Phone: (206) 669-0081
Highley Recommended, Inc. FAX: (253) 838-8509
2927 SW 339th Street Email: dhighley@highley-recommended.com
Federal Way, WA 98023-7732 WEB: http://www.highley-recommended.com
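The "self signed certificate" / "unknown CA" failure in the trace above is the client's verifier rejecting a certificate whose issuer is not in its trust store. The following shell script is an added example (not code from the original post or from the OpenLDAP project): it constructs a throwaway self-signed certificate, shows that plain verification rejects it with the same class of error, and then shows the same certificate verifying once it is supplied as a trusted CA file, which is what the client-side `TLS_CACERT` directive in OpenLDAP's ldap.conf does. The hostname in the certificate subject is a placeholder, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example, not part of the original post: reproduce the verification
# failure a client sees with an untrusted self-signed certificate, then show
# that trusting the certificate as a CA makes verification succeed.
# Assumes the openssl CLI is available. Subject CN is a placeholder.

# Create a constructed self-signed certificate in a temporary directory and
# print the directory path.
make_selfsigned() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.invalid" \
        -keyout "$dir/server.key" -out "$dir/server.crt" >/dev/null 2>&1
    echo "$dir"
}

# Verify a certificate against the default trust store only. A self-signed
# certificate that is not in the store fails here, which is the same
# situation as ldapsearch -ZZ with no trusted CA file configured.
# Prints "trusted" or "untrusted".
verify_without_ca() {
    if openssl verify "$1" 2>&1 | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

# Verify the certificate with itself supplied as the trusted CA file. This
# mirrors pointing TLS_CACERT in ldap.conf at the server's certificate.
# Prints "trusted" or "untrusted".
verify_with_ca() {
    if openssl verify -CAfile "$1" "$1" 2>&1 | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

# Run both checks on one constructed certificate. Returns 0 only when the
# untrusted check fails and the trusted check succeeds.
demo() {
    dir=$(make_selfsigned)
    before=$(verify_without_ca "$dir/server.crt")
    after=$(verify_with_ca "$dir/server.crt")
    echo "default trust store: $before; with the cert as CA file: $after"
    rm -rf "$dir"
    [ "$before" = untrusted ] && [ "$after" = trusted ]
}

demo
```

The point the two checks make is that a self-signed certificate is not inherently unusable; the verifier simply needs to be told to trust it. Every host that acts as a TLS client (the replica when it connects to the master, and any LDAP client) therefore needs the signing certificate in the trust store it is configured to use, and the server's own key and certificate are only needed on the host that terminates TLS.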