Re: OpenLDAP + TLS
I use:
CA.sh --newca
CA.sh --newreq
CA.sh --sign
It isn't okay.
I have the error that I describe below.
On Mon, 24 Jan 2005, "Florian Preuß" wrote:
> >
> >
> >
> > I am trying to put LDAP with TLS, but I have a problem:
> > ---------------------- Debug slapd ------------------------
> > tls_read: want=2, got=2
> > 0000: 02 30 .0
> > TLS trace: SSL3 alert read:fatal:unknown CA
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> > TLS: can't accept.
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> > s3_pkt.c:1052
> > connection_read(10): TLS accept error error=-1 id=1, closing
> > connection_closing: readying conn=1 sd=10 for close
> > connection_close: conn=1 sd=10
> > daemon: removing 10
> > -----------------------------------------------------------------
> >
> >
> >
> > I am using ldap client.
> > I already read a lot of home pages on the Internet, but I don't find the
> > solution.
> >
> > In my client ldap:
> > -------- LDAP client ---------------------------------------
> > ldapsearch -x -b 'dc=br' -D "cn=root,dc=com" '(objectclass=*)' -h
> > localhost -W -f /etc/ldap/ldap.conf -Z
> > ldap_start_tls: Connect error (91)
> > additional info: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > Enter LDAP Password:
> > ldap_bind: Can't contact LDAP server (81)
> > additional info: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> > ----------------------------------------------------------------
> >
> >
> > Does someone know how to help me?
> >
> >
> Create a CA and sign your certificate with it. Put the public CA
> certificate on the client and configure ldap.conf where to find it.
>
> Florian
> end
>
>
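
The advice in the quoted reply, worked through as an added example that is not part of the original thread: it builds a CA, signs a server certificate with it, and shows that verification succeeds only against the CA that actually signed the certificate, which is the check behind "certificate verify failed" / "unknown CA". The names demo-ca, other-ca and localhost, the temporary directory and the /etc/ldap/demo-ca.pem path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All names (demo-ca, other-ca, localhost) are constructed.
set -eu
WORK=$(mktemp -d)

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA key and certificate (NAME.key, NAME.pem).
make_ca() {
    openssl req -config "$WORK/req.cnf" -x509 -extensions v3_ca \
        -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_server_cert CA HOST: key + CSR for HOST, signed by CA.
issue_server_cert() {
    openssl req -config "$WORK/req.cnf" -new -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -days 365 \
        -out "$WORK/$2.pem" 2>/dev/null
}

# chain_ok CA HOST: succeeds only if HOST's certificate chains to CA,
# the same check the LDAP client makes against the CA file in ldap.conf.
chain_ok() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

make_ca demo-ca
make_ca other-ca                 # a CA that did NOT sign the server cert
issue_server_cert demo-ca localhost

chain_ok demo-ca localhost  && echo "demo-ca:  verify OK"
chain_ok other-ca localhost || echo "other-ca: certificate verify failed"

# Client side: the ldap.conf line pointing at the CA (path is an assumption).
echo "TLS_CACERT /etc/ldap/demo-ca.pem"
```

The certificate subject (CN=localhost here) has to match the host name the client connects to, and only the CA's public certificate is copied to the client, never its key.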