SSL/TLS Unknown CA
I am really hoping someone can help me.
Fedora Core 2
openldap 2.1.29-1
I have installed and tested LDAP without TLS/SSL certificates, and testing
seems to work fine. I have now started testing with SSL/TLS and cannot
get it to work. I am using a self-signed certificate.
My slapd.conf file has these lines added:
TLSCertificateFile /etc/openldap/ssl/servercrt.pem
TLSCertificateKeyFile /etc/openldap/ssl/serverkey.pem
TLSCACertificateFile /etc/openldap/ssl/cacert.pem
And my ldap.conf files (there are two: one in /etc, the other in
/etc/openldap/) have this line added:
TLS_CERT /etc/openldap/ssl/cacert.pem
I have followed instructions from about 6 different web sites and also
from the O'Reilly LDAP book.
Sites include: Mandrake, OpenSSL and OpenLDAP
My latest attempt was from
http://www.openldap.org/faq/data/cache/185.html
I tried to import the certificate into Mozilla and succeeded (it did
complain about the self-signed cert).
Every attempt has produced the same error:
.....
TLS certificate verification: Error, unable to get local issuer
certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I get this error both on a local system client and a remote client.
It sounds like a problem with the client setup, but I have tried
everything every newsgroup, list and web site has suggested, but no luck.
Can anyone help me? I know it's something stupid I have missed.
Many thanks,
Neil.
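The verification that fails in the trace above (the client cannot find, among the CAs it trusts, the certificate that issued the server's) can be reproduced and checked offline. The script below is an added example, not code from the original post or from the OpenLDAP project; it assumes only the openssl command-line tool and constructs its own throwaway CA, server certificate, unrelated CA and two sample ldap.conf lines in a temporary directory. It shows the two checks worth running on an "unknown CA" alert: whether the CA file the client is pointed at actually issued the server certificate (`openssl verify -CAfile`), and whether the client configuration names that CA through TLS_CACERT, which in ldap.conf(5) is the option that sets the client's trusted CAs, as opposed to TLS_CERT, which names a client certificate.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenLDAP: build a
# throwaway PKI in a temp dir and run the two checks a practitioner would
# reach for on an "unknown CA" / "unable to get local issuer certificate"
# failure. Assumes only the openssl command-line tool. All names below
# (Example Test CA, ldap.example.test, the sample ldap.conf lines) are
# constructed for this demonstration.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal openssl config so the CA certificates carry CA:TRUE regardless of
# what the system's default openssl.cnf contains.
cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Create: a test CA, a server certificate issued by that CA, and a second
# CA that did NOT issue the server certificate.
build_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=ldap.example.test" \
        -keyout "$WORK/serverkey.pem" -out "$WORK/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
        -out "$WORK/servercrt.pem" >/dev/null 2>&1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
        -subj "/CN=Unrelated CA" \
        -keyout "$WORK/otherkey.pem" -out "$WORK/othercacert.pem" >/dev/null 2>&1
}

# Check 1: does this CA file actually vouch for this server certificate?
# This is the same chain validation the LDAP client performs during the
# TLS handshake. Prints "ok" or "unknown-ca".
verify_against() {   # $1 = CA file, $2 = server certificate
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo unknown-ca
    fi
}

# Check 2: does the client ldap.conf tell libldap which CA to trust?
# Prints the path from a TLS_CACERT line, or "no-tls-cacert" if absent.
trusted_ca_in() {    # $1 = ldap.conf path
    awk '$1 == "TLS_CACERT" { print $2; found = 1 }
         END { if (!found) print "no-tls-cacert" }' "$1"
}

build_pki

echo "server cert issuer     : $(openssl x509 -noout -issuer -in "$WORK/servercrt.pem")"
echo "CA cert subject        : $(openssl x509 -noout -subject -in "$WORK/cacert.pem")"
echo "verify with issuing CA : $(verify_against "$WORK/cacert.pem" "$WORK/servercrt.pem")"
echo "verify with other CA   : $(verify_against "$WORK/othercacert.pem" "$WORK/servercrt.pem")"

# Two constructed client configs: one that only names a client certificate
# (TLS_CERT), one that names the trusted CA file (TLS_CACERT).
printf 'TLS_CERT /etc/openldap/ssl/cacert.pem\n' > "$WORK/ldap-weak.conf"
printf 'TLS_CACERT /etc/openldap/ssl/cacert.pem\n' > "$WORK/ldap-fixed.conf"
echo "weak config trusts     : $(trusted_ca_in "$WORK/ldap-weak.conf")"
echo "fixed config trusts    : $(trusted_ca_in "$WORK/ldap-fixed.conf")"
```

Run it as an ordinary user; it writes only into a temporary directory that is removed on exit. If the first check prints unknown-ca for the CA file the client actually uses, that CA did not issue the server certificate, and no client setting will make the handshake succeed. If it prints ok but the handshake still fails, the second check is the one to look at: libldap learns which CAs to trust from TLS_CACERT (or TLS_CACERTDIR) in ldap.conf, not from TLS_CERT.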