Re: Still getting TLS errors with 2.3.11



On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> I just experienced the same problem and it took me a few minutes to find
> the reason, which resulted in
> 
> TLS trace: SSL3 alert read:fatal:certificate expired
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired s3_pkt.c:1052
> connection_read(15): TLS accept error error=-1 id=1, closing
> 
> Creating and signing a new set of certificates solved it.

The certificate is fine here (other than being self-signed):
# openssl x509 -in ldap.pem -noout -dates
notBefore=Oct  7 16:26:09 2005 GMT
notAfter=Aug 18 07:00:49 2021 GMT

If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.