Re: SSL/TLS problem
Hello.
> TLSVerifyClient demand
With this line you told slapd to request a client certificate during the
handshake, and the client cert is mandatory (see
http://www.openldap.org/doc/admin22/tls.html#TLS%20Configuration ).
> And these lines to /etc/ldap/ldap.conf :
> TLS_CACERT /etc/ldap/cfg/ssl/cacert.pem
> TLS_REQCERT demand
But in your ldap.conf, you only provide the CA cert and no TLS_[CERT|KEY]
directive (man ldap.conf).
> I got these errors :
> ldap_start_tls: Connect error (-11)
> additional info: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
CQFD ;)
To check that your SSL/TLS configuration is good, try to change
TLSVerifyClient to a lower level. Try for example never (the lowest one).
After that, you should create and sign (with your previous CA cert) a
new cert for your client and check that with demand it's working.
Hope this helps.
David
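As an added illustration (not part of the original thread), here is the server setting from the post next to the client ldap.conf as posted and as it needs to look for TLSVerifyClient demand to succeed; the certificate and key file names other than cacert.pem are hypothetical.

```conf
# slapd.conf (server side), as in the original post.
# "demand" makes slapd require a valid client certificate: a client that
# presents none gets the handshake failure alert quoted in the thread.
# For troubleshooting only, "never" disables the client-cert check.
TLSCACertificateFile    /etc/ldap/cfg/ssl/cacert.pem
# hypothetical server cert/key paths
TLSCertificateFile      /etc/ldap/cfg/ssl/servercrt.pem
TLSCertificateKeyFile   /etc/ldap/cfg/ssl/serverkey.pem
TLSVerifyClient         demand

# /etc/ldap/ldap.conf (client side) as posted: the client can verify the
# server's certificate, but has nothing to present when slapd asks for one.
TLS_CACERT  /etc/ldap/cfg/ssl/cacert.pem
TLS_REQCERT demand

# /etc/ldap/ldap.conf corrected: a client certificate issued by the same CA
# (cacert.pem) and its private key (hypothetical paths). The key file should
# be readable only by the account running the LDAP client.
TLS_CACERT  /etc/ldap/cfg/ssl/cacert.pem
TLS_CERT    /etc/ldap/cfg/ssl/clientcrt.pem
TLS_KEY     /etc/ldap/cfg/ssl/clientkey.pem
TLS_REQCERT demand
```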