
SSL/TLS Unknown CA



I am really hoping someone can help me.

Fedora Core 2
openldap 2.1.29-1

I have installed and tested LDAP without TLS/SSL certificates, and testing
seems to work fine. I have now started testing with SSL/TLS and cannot
get it to work. I am using a self-signed certificate.

My slapd.conf file has these lines added :

TLSCertificateFile /etc/openldap/ssl/servercrt.pem
TLSCertificateKeyFile /etc/openldap/ssl/serverkey.pem
TLSCACertificateFile /etc/openldap/ssl/cacert.pem


And my ldap.conf files (there are two: one in /etc, the other in
/etc/openldap/) have this line added:

TLS_CERT /etc/openldap/ssl/cacert.pem

I have followed instructions from about 6 different web sites and also
from the O'Reilly LDAP book.
Sites include: Mandrake, OpenSSL and OpenLDAP.

My latest attempt was from
http://www.openldap.org/faq/data/cache/185.html

I tried to import the certificate into Mozilla and succeeded (it did
complain about the self-signed cert).

Every attempt has produced the same error:

.....
TLS certificate verification: Error, unable to get local issuer certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I get this error both on a local system client and a remote client.
It sounds like a problem with the client setup, but I have tried
everything every newsgroup, list and web site has suggested, but no luck.

Can anyone help me? I know it's something stupid I have missed.

Many thanks,

Neil.
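The two checks a practitioner would run against the setup described in the post, as an added example that is not part of the original message and not OpenLDAP's own code: first, whether the server certificate really chains to the CA file the client is supposed to trust (a mismatch is what produces "unable to get local issuer certificate" and the fatal "unknown CA" alert); second, whether the client-side ldap.conf names that CA file with the TLS_CACERT directive, since ldap.conf(5) defines TLS_CACERT as the trusted CA file and TLS_CERT as the client's own certificate. The script assumes openssl 1.1.1 or later is on PATH, works entirely in a temporary directory with a freshly generated CA and server certificate, and uses the file names from the post (cacert.pem, servercrt.pem, serverkey.pem) plus a made-up hostname, ldap.example.test; the two ldap.conf fragments it checks are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenLDAP.
# Rebuilds the post's setup offline (a self-signed CA, a server cert issued
# by it) and runs the two checks behind an "unknown CA" /
# "unable to get local issuer certificate" failure:
#   1. does the server cert actually chain to the CA file the client trusts?
#   2. does the client ldap.conf hand that CA file to libldap with TLS_CACERT?
# Assumptions: openssl (1.1.1 or later) is on PATH. Everything is written to a
# temp dir; cacert.pem / servercrt.pem / serverkey.pem mirror the post's names.
set -u

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# write_req_cnf CN FILE: minimal openssl req config so the example does not
# depend on the system openssl.cnf. ca_ext is only applied together with -x509.
write_req_cnf() {
    cat > "$2" <<EOF
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = $1
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
}

# make_ca NAME: self-signed CA (the cacert.pem role) -> $WORK/NAME-cacert.pem
make_ca() {
    write_req_cnf "$1" "$WORK/$1.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$WORK/$1.cnf" \
        -keyout "$WORK/$1-cakey.pem" -out "$WORK/$1-cacert.pem" >/dev/null 2>&1
}

# make_server_cert CANAME: server key + CSR, then a cert issued by CANAME
# (servercrt.pem / serverkey.pem, what slapd's TLSCertificateFile and
# TLSCertificateKeyFile point at). ldap.example.test is a made-up hostname.
make_server_cert() {
    write_req_cnf ldap.example.test "$WORK/server.cnf" &&
    openssl req -newkey rsa:2048 -nodes -config "$WORK/server.cnf" \
        -keyout "$WORK/serverkey.pem" -out "$WORK/server.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$WORK/server.csr" -days 365 \
        -CA "$WORK/$1-cacert.pem" -CAkey "$WORK/$1-cakey.pem" -CAcreateserial \
        -out "$WORK/servercrt.pem" >/dev/null 2>&1
}

# verify_chain CAFILE CERT: 0 if CERT was issued by a CA in CAFILE, 1 if not.
# A mismatch here is what the client sees just before it sends the
# "unknown CA" alert (openssl reports it as "unable to get local issuer
# certificate").
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# has_cacert_directive LDAPCONF: 0 if the client config has a TLS_CACERT line.
# ldap.conf(5): TLS_CACERT = trusted CA file, TLS_CERT = the client's own
# certificate, so a CA file given via TLS_CERT is never used to verify the
# server.
has_cacert_directive() {
    grep -iq '^[[:space:]]*TLS_CACERT[[:space:]]' "$1"
}

# Stand-alone demo: a matching CA, an unrelated CA, and both ldap.conf variants.
demo() {
    make_ca myca && make_ca otherca && make_server_cert myca || {
        echo "openssl not available or certificate generation failed" >&2
        return 1
    }

    if verify_chain "$WORK/myca-cacert.pem" "$WORK/servercrt.pem"; then
        echo "servercrt.pem chains to myca-cacert.pem: OK"
    fi
    if ! verify_chain "$WORK/otherca-cacert.pem" "$WORK/servercrt.pem"; then
        echo "servercrt.pem does NOT chain to otherca-cacert.pem (expected: unknown CA)"
    fi

    # Constructed client configs: the line from the post, and the corrected one.
    printf 'TLS_CERT /etc/openldap/ssl/cacert.pem\n' > "$WORK/ldap.conf.as-posted"
    printf 'TLS_CACERT /etc/openldap/ssl/cacert.pem\n' > "$WORK/ldap.conf.fixed"
    for f in "$WORK/ldap.conf.as-posted" "$WORK/ldap.conf.fixed"; do
        if has_cacert_directive "$f"; then
            echo "$(basename "$f"): TLS_CACERT present, CA file will be trusted"
        else
            echo "$(basename "$f"): no TLS_CACERT directive, CA file is not consulted"
        fi
    done
}

demo
```

Against a live slapd the same two checks are `openssl verify -CAfile /etc/openldap/ssl/cacert.pem /etc/openldap/ssl/servercrt.pem` on the server, and on the client a one-off `LDAPTLS_CACERT=/etc/openldap/ssl/cacert.pem ldapsearch -ZZ -x -H ldap://server/` (the LDAPTLS_CACERT environment variable overrides ldap.conf, so if that bind succeeds while the plain one fails, the config file is the problem rather than the certificates). Keep the CA's private key off the LDAP server once the server certificate is issued; only cacert.pem needs to be distributed to clients.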