[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS certificate verification: Error, unable to get local issuer certificate



Hello,

  Anybody know what this error means? I was guessing it means that it
couldnt verify the authenticity of a cert because it couldnt find the
CA of the cert. However, it happens if I put "demand" or "never" for
the TLS_REQCERT.
  If I don't try to use SSL everything works fine.

Here's the ldap debug output:

--------------------
ldap_create
ldap_url_parse_ext(ldaps://example.com:3269/??sub)
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP example.com:3269
ldap_new_socket: 47
ldap_prepare_socket: 47
ldap_connect_to_host: Trying 127.0.0.1:3269
ldap_connect_timeout: fd: 47 tm: -1 async: 0
ldap_ndelay_on: 47
ldap_is_sock_ready: 47
ldap_ndelay_off: 47
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject:
/CN=example.com, issuer: /DC=com/DC=example/CN=Xyz
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_err2string
--------------------

any ideas?

  Thanks,
- Jeremiah