
Re: SSL3 alert read:warning:bad certificate



Tue, 24.08.2004 at 15:42, Artur Kokoszka wrote:
[...]

> When I use :
> 
> openssl s_server -accept 636 -cert /etc/ldap/ldapcert.pem -key /etc/ldap/ldapkey.pem
> 
> and then
> 
> openssl s_client -connect ldap.example.com:636 -showcerts -state -CAfile /etc/ldap/cacert.pem
> 
> All is OK. There are no errors.
> But when I start slapd with configuration:
> 
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCertificateFile /etc/ldap/ldapcert.pem
> TLSCertificateKeyFile /etc/ldap/ldapkey.pem
> TLSCACertificateFile /etc/ldap/cacert.pem
> TLSVerifyClient 0                                             or never
> 
> There is a string:
> 
> SSL3 alert read:warning:bad certificate  - full listing below
> 
> Maybe it's OK yet (I'm not sure - ldapsearch with tls works well). But, 
> when I try to authenticate users, it is not possible. All the time 
> I've got messages that:
> 
> No client certificate CA names sent
[...]

Since properly made certificates work for me (on several sites) and 1000
others with the above parameters, we have to look somewhere else.

As what user are you running 'openssl s_client' and 'ldapsearch'? As
what user are you running slapd? What are the permissions on
/etc/ldap/cacert.pem and the two other certs?

--Tonni

-- 

Happiness is having your cat jump in through the window and
greet you, with the light summer dew yet a few seconds wet
on his coat.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl
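
The questions in the reply above (which user runs each program, and what the permissions on the three PEM files are) can be checked with a short script. This is an added example, not part of the original message: the function names are hypothetical, the sample files it creates are constructed, and the warning for a private key readable by other users is an extra check the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread). Run once as the slapd user and once as
# the user running ldapsearch / openssl s_client, then compare the output.

# tls_files CONF: print "directive path" for each TLS file directive in CONF.
# Assumes unquoted paths without spaces.
tls_files() {
    awk 'tolower($1) ~ /^tls(certificatefile|certificatekeyfile|cacertificatefile)$/ {
             print tolower($1), $2 }' "$1"
}

# check_tls_perms CONF: one status line per file; returns 1 if any file is
# missing, unreadable by the current user, or a world-readable private key.
check_tls_perms() {
    bad=0
    list=$(tls_files "$1")
    [ -n "$list" ] || { echo "no TLS file directives found in $1"; return 2; }
    while read -r directive path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $directive $path"; bad=1; continue
        fi
        meta=$(ls -ld -- "$path" | awk '{ print $1, $3 ":" $4 }')
        status=OK
        [ -r "$path" ] || status=UNREADABLE
        case "$directive:$meta" in
            tlscertificatekeyfile:???????r*) status=TOO-OPEN ;;  # "other" can read key
        esac
        [ "$status" = OK ] || bad=1
        echo "$status $directive $path ($meta)"
    done <<EOF
$list
EOF
    return $bad
}

# make_sample DIR: constructed sample mirroring the TLS directives quoted above.
make_sample() {
    for f in ldapcert.pem ldapkey.pem cacert.pem; do : > "$1/$f"; done
    chmod 644 "$1/ldapcert.pem" "$1/cacert.pem"; chmod 600 "$1/ldapkey.pem"
    printf '%s\n' "TLSCertificateFile $1/ldapcert.pem" \
        "TLSCertificateKeyFile $1/ldapkey.pem" \
        "TLSCACertificateFile $1/cacert.pem" > "$1/slapd.conf"
}

# With a config path as argument, check it; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then
    check_tls_perms "$1"
else
    demo=$(mktemp -d) && make_sample "$demo" && check_tls_perms "$demo/slapd.conf"
    rm -rf "$demo"
fi
```

A file reported as UNREADABLE for the slapd user but OK for the user running `openssl s_server` would explain why the same certificates behave differently in the two tests.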