[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP + TLS







 I use:
CA.sh --newca
CA.sh --newreq
CA.sh --sign

 It don´t be okay.
 I have the erro that I describe below.


On Mon, 24 Jan 2005, "Florian Preuß" wrote:

> >  
> >  
> >  
> >  I am trying to put LDAP with TLS, but I have a problem: 
> > ---------------------- Debug slapd ------------------------ 
> > tls_read: want=2, got=2 
> >   0000:  02 30                                              .0 
> > TLS trace: SSL3 alert read:fatal:unknown CA 
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A 
> > TLS: can't accept. 
> > TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca  
> > s3_pkt.c:1052 
> > connection_read(10): TLS accept error error=-1 id=1, closing 
> > connection_closing: readying conn=1 sd=10 for close 
> > connection_close: conn=1 sd=10 
> > daemon: removing 10 
> > ----------------------------------------------------------------- 
> >  
> >  
> >  
> >  I am using ldap client. 
> >  I already read a lot of home pages in the Internet, but I don't find 
> the  
> > solution. 
> >  
> >  In my client ldap: 
> > -------- LDAP client --------------------------------------- 
> > ldapsearch -x -b 'dc=br' -D "cn=root,dc=com" '(objectclass=*)' -h 
> > localhost -W -f /etc/ldap/ldap.conf -Z 
> > ldap_start_tls: Connect error (91) 
> >         additional info: error:14090086:SSL  
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
> > Enter LDAP Password: 
> > ldap_bind: Can't contact LDAP server (81) 
> >         additional info: error:14090086:SSL  
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 
> > ---------------------------------------------------------------- 
> >  
> >  
> >  Does someone know like help me? 
> >  
> >  
> Create a CA and sign your certificate with it. Put the public CA 
> certificate on the client and configure ldap.conf where to find it. 
>  
> Florian 
> end 
> 
>