Re: SSL/TLS - Help Please
- To: Siva Kollipara <siva@CS.Arizona.EDU>
- Subject: Re: SSL/TLS - Help Please
- From: Miguel Baptista <miguel@ccom.uminho.pt>
- Date: Wed, 04 Feb 2004 18:06:25 +0000
- Cc: openldap-software@OpenLDAP.org
- In-reply-to: <Pine.GSO.4.58.0401301309530.5631@lectura.CS.Arizona.EDU>
- References: <Pine.LNX.4.44.0401281258360.17890-100000@cerberus> <401935CD.7040908@ccom.uminho.pt> <Pine.GSO.4.58.0401301309530.5631@lectura.CS.Arizona.EDU>
- User-agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.2.1) Gecko/20030225
Hi,
I've tried to solve the problem without bothering you again, but no luck.
My computer's FQDN is now estagio.ccom.uminho.pt. As in the previous
attempt, I followed this page's guide:
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
I created new certificates (CA, server and client). They are all in the
same (testing) computer. So, the CN in those certificates is
estagio.ccom.uminho.pt
I've made the necessary changes in these files: slapd.conf, ldap.conf and
.ldaprc
I run my server with this command:
/usr/local/libexec/slapd -d -1 -h "ldap:///estagio.ccom.uminho.pt ldaps:///estagio.ccom.uminho.pt"
I executed this command:
ldapsearch -x -d -1 -b 'dc=uminho,dc=pt' -D "cn=Manager,dc=uminho,dc=pt" '(uid=a22)' -H ldaps://estagio.ccom.uminho.pt -W -ZZ
and this is the client's trace with the -d -1 option (I removed some
parts that didn't look important):
ldap_url_parse_ext(ldaps://estagio.ccom.uminho.pt:636)
ldap_connect_to_host: TCP estagio.ccom.uminho.pt:636
ldap_connect_to_host: Trying 192.168.1.210:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=estagio.ccom.uminho.pt
TLS trace: SSL_connect:before/connect initialization
tls_write: want=148, written=148
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=7
tls_read: want=72, got=72
TLS trace: SSL_connect:SSLv3 read server hello A
tls_read: want=5, got=5
tls_read: want=1683, got=1683
TLS certificate verification: depth: 1, err: 19, subject:
/C=pt/ST=pt/L=braga/O=braga/OU=certificador/CN=estagio.ccom.uminho.pt,
issuer:
/C=pt/ST=pt/L=braga/O=braga/OU=certificador/CN=estagio.ccom.uminho.pt
TLS certificate verification: -------------------> Error, self signed
certificate in certificate chain <--------------------------
tls_write: want=7, written=7
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Does this problem arise because I have the client, CA and server on the
same machine? I followed the tutorial but I didn't use the self-signed
certificate, so why is this happening? Any ideas?