
Problem with OpenLDAP client tools connecting to Sun Directory Server using STARTTLS



Hi,

I am trying to connect to a Sun Directory Server 5.2 using OpenLDAP
client tools (ldapsearch) under Linux. It says it can't verify the
certificate (the server is using a self-signed certificate which was
generated using OpenSSL). I tried adding it as a trusted CA root
certificate in my /etc/ldap.conf file, but to no avail. Can anyone
help me?

This is what happens:

$ ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.2.23 (Mar 11 2005 04:06:07) $
        skissane@<...>:/root/openldap-2.2.23/clients/tools
        (LDAP library: OpenLDAP 20223)
$ ldapsearch -vv -h <...> -Z
ldap_initialize( ldap://<...> )
ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

[N.B. Hostnames and IPs above replaced with <...> for security reasons]

This is what I have in my /etc/ldap.conf
pam_password md5
TLS_CACERT /var/www/html/StudentEmail/ca.cer

The /var/www/html/StudentEmail/ca.cer file contains a certificate:
-----BEGIN CERTIFICATE-----
[several lines of base64 certificate omitted]
-----END CERTIFICATE-----

Many thanks in advance for any help that may be received,

Simon Kissane
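A diagnostic script for the "certificate verify failed" error above, added here as an example; it is not part of the original post. It reproduces the chain and hostname check that libldap's OpenSSL backend performs, so you can tell whether the CA file itself is the problem before touching the client configuration. Two facts worth knowing when reading it: the OpenLDAP client tools read TLS settings from the OpenLDAP ldap.conf in their own sysconfdir (commonly /etc/openldap/ldap.conf) and from ~/.ldaprc, and also honour the LDAPTLS_CACERT environment variable (see ldap.conf(5)); a /etc/ldap.conf that contains pam_password is the pam_ldap/nss_ldap file, which libldap does not consult. The script assumes the openssl command-line tool is installed; the fetch_server_cert helper additionally assumes OpenSSL 1.1.1 or later for `s_client -starttls ldap`, and the hostname ldap.example.test used in the comments is made up.

```shell
#!/bin/sh
# Added example: verify a CA file the way libldap/OpenSSL will, offline.
# Assumes the `openssl` CLI is installed. Hostnames below are placeholders.

# pem_is_cert FILE: succeeds if FILE contains at least one PEM certificate
# block. A DER file or a stray key file in TLS_CACERT fails silently
# inside libldap, so check the encoding first.
pem_is_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -q -- '-----END CERTIFICATE-----' "$1"
}

# cert_is_self_signed FILE: succeeds if subject and issuer are identical.
# For a self-signed server cert the TLS_CACERT file must be that very
# certificate; a CA file containing a different cert will never verify it.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer) || return 2
    [ "${subj#subject=}" = "${iss#issuer=}" ]
}

# cacert_verifies CAFILE LEAF [HOST]: the chain check libldap performs when
# TLS_REQCERT is demand (the default), plus the hostname match ldapsearch
# applies against the host given with -h when HOST is supplied.
cacert_verifies() {
    ca=$1; leaf=$2; host=$3
    if [ -n "$host" ]; then
        openssl verify -CAfile "$ca" -verify_hostname "$host" "$leaf" >/dev/null 2>&1
    else
        openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1
    fi
}

# fetch_server_cert HOST PORT OUTFILE: save the certificate the directory
# actually presents after STARTTLS, so you compare against the real thing
# rather than the file you believe was installed. Needs OpenSSL >= 1.1.1
# for -starttls ldap (assumption; not exercised offline).
fetch_server_cert() {
    openssl s_client -starttls ldap -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$3"
}

# Typical use (not run here, hostname is a placeholder):
#   fetch_server_cert ldap.example.test 389 /tmp/server.pem
#   pem_is_cert /tmp/server.pem && cert_is_self_signed /tmp/server.pem
#   cacert_verifies /path/to/ca.cer /tmp/server.pem ldap.example.test
# If that passes, point libldap at the file explicitly and require TLS:
#   LDAPTLS_CACERT=/path/to/ca.cer ldapsearch -ZZ -x -h ldap.example.test -b '' -s base
```

If cacert_verifies fails only when a hostname is given, the certificate's CN (or subjectAltName) does not match the name passed to -h; connecting by IP address is a common way to hit that. If it fails without a hostname, the file in TLS_CACERT is not the issuer of what the server presents, and no amount of ldap.conf editing will help until the right certificate is in that file.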