Re: SSL3 alert read:warning:bad certificate
Tue, 24.08.2004 at 15:42, Artur Kokoszka wrote:
[...]
> When I use :
>
> openssl s_server -accept 636 -cert /etc/ldap/ldapcert.pem -key
> /etc/ldap/ldapkey.pem
>
> and then
>
> openssl s_client -connect ldap.example.com:636 -showcerts -state -CAfile
> /etc/ldap/cacert.pem
>
> All is OK. There are no errors.
> But when I start slapd with configuration:
>
> TLSCipherSuite HIGH:MEDIUM:+SSLv2
> TLSCertificateFile /etc/ldap/ldapcert.pem
> TLSCertificateKeyFile /etc/ldap/ldapkey.pem
> TLSCACertificateFile /etc/ldap/cacert.pem
> TLSVerifyClient 0 or never
>
> There is a string:
>
> SSL3 alert read:warning:bad certificate - full listing below
>
> Maybe that is still OK (I'm not sure - ldapsearch with TLS works well). But
> when I try to authenticate users, it is not possible. All the time
> I've got messages that:
>
> No client certificate CA names sent
[...]
Since properly made certificates work for me (on several sites) and 1000
others with the above parameters, we have to look somewhere else.
As what user are you running 'openssl s_client' and 'ldapsearch'? As
what user are you running slapd? What are the permissions on
/etc/ldap/cacert.pem and the two other certs?
--Tonni
--
Happiness is having your cat jump in through the window and
greet you, with the light summer dew yet a few seconds wet
on his coat.
mail: tonye@billy.demon.nl
http://www.billy.demon.nl
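
One way to answer the questions in the reply above, as an added example that is not part of the original message: it evaluates the Unix mode bits of each certificate file, and of every parent directory, for the account slapd runs as. The account name `ldap` and the function names are assumptions; ACLs and SELinux/AppArmor policy are not considered.

```python
import os, pwd, sys

def mode_allows(st_mode, st_uid, st_gid, uid, gids, want):
    """Unix mode-bit check; want is 'r' (read a file) or 'x' (search a directory)."""
    if uid == 0:
        return True  # root bypasses mode bits, so a test run as root proves nothing
    # Exactly one permission class applies: owner, else group, else other.
    shift = 6 if uid == st_uid else 3 if st_gid in gids else 0
    return bool((st_mode >> shift) & (4 if want == "r" else 1))

def first_blocker(path, uid, gids):
    """Return the first path component that denies uid access, or None."""
    path = os.path.abspath(path)
    dirs, d = [], os.path.dirname(path)
    while True:
        dirs.append(d)
        parent = os.path.dirname(d)
        if parent == d:
            break
        d = parent
    for d in reversed(dirs):  # every ancestor directory must be searchable
        st = os.stat(d)
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, "x"):
            return d
    st = os.stat(path)
    if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids, "r"):
        return path
    return None

if __name__ == "__main__":
    # Assumption: slapd runs as "ldap"; pass the real account name as argv[1].
    user = sys.argv[1] if len(sys.argv) > 1 else "ldap"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    # Paths are the ones quoted in the thread.
    for f in ("/etc/ldap/ldapcert.pem", "/etc/ldap/ldapkey.pem",
              "/etc/ldap/cacert.pem"):
        try:
            blocker = first_blocker(f, pw.pw_uid, gids)
        except OSError as exc:
            print(f"{f}: cannot stat ({exc})")
            continue
        print(f"{f}: " + ("readable by " + user if blocker is None
                          else "blocked at " + blocker))
```

A private key that is mode 0600 and owned by root passes any check made as root but is reported as blocked for an unprivileged slapd account.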