Fwd: TLS certificate verification: Error, unable to get local issuer certificate
Never mind, I just didn't have my ldap.conf in the right place. :-)
- Jeremiah
---------- Forwarded message ----------
From: Jeremiah Martell <inlovewithgod@gmail.com>
Date: Sep 12, 2006 9:19 AM
Subject: TLS certificate verification: Error, unable to get local
issuer certificate
To: OpenLDAP Software List <OpenLDAP-software@openldap.org>
Hello,
Anybody know what this error means? I was guessing it means that it
couldn't verify the authenticity of a cert because it couldn't find the
CA of the cert. However, it happens if I put "demand" or "never" for
the TLS_REQCERT.
If I don't try to use SSL everything works fine.
Here's the ldap debug output:
--------------------
ldap_create
ldap_url_parse_ext(ldaps://example.com:3269/??sub)
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP example.com:3269
ldap_new_socket: 47
ldap_prepare_socket: 47
ldap_connect_to_host: Trying 127.0.0.1:3269
ldap_connect_timeout: fd: 47 tm: -1 async: 0
ldap_ndelay_on: 47
ldap_is_sock_ready: 47
ldap_ndelay_off: 47
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 20, subject:
/CN=example.com, issuer: /DC=com/DC=example/CN=Xyz
TLS certificate verification: Error, unable to get local issuer certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_err2string
--------------------
Any ideas?
Thanks,
- Jeremiah
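
Added example, not part of the original post and not OpenLDAP's own code: a Python resolver that follows the lookup order documented in ldap.conf(5) and reports which file, if any, supplies an option such as TLS_REQCERT. The function names are hypothetical, the system-wide path is build-dependent and therefore passed in by the caller, and the sample file is constructed.

```python
import os
import tempfile
from os.path import join

def candidate_files(env, home, cwd, system_conf):
    """Files libldap consults, per ldap.conf(5); later entries override earlier."""
    if "LDAPNOINIT" in env:               # disables all defaults processing
        return []
    paths = [system_conf, join(home, "ldaprc"),
             join(home, ".ldaprc"), join(cwd, "ldaprc")]
    if env.get("LDAPCONF"):               # absolute, or relative to cwd
        paths.append(join(cwd, env["LDAPCONF"]))
    if env.get("LDAPRC"):                 # basename looked up in home and cwd
        rc = env["LDAPRC"]
        paths += [join(home, rc), join(home, "." + rc), join(cwd, rc)]
    return paths

def effective_option(name, env, home, cwd, system_conf):
    """Return (value, source) for one option, or (None, None) if nothing sets it."""
    value, source = None, None
    for path in candidate_files(env, home, cwd, system_conf):
        try:
            with open(path) as fh:
                for line in fh:
                    parts = line.split(None, 1)
                    if line.startswith("#") or len(parts) < 2:
                        continue
                    if parts[0].upper() == name.upper():
                        value, source = parts[1].strip(), path
        except OSError:
            continue                      # a missing file is skipped silently
    env_value = env.get("LDAP" + name.upper())   # e.g. LDAPTLS_REQCERT
    if env_value and "LDAPNOINIT" not in env:
        value, source = env_value, "environment"
    return value, source

def demo():
    """Constructed scenario: the config file sits where libldap never looks."""
    with tempfile.TemporaryDirectory() as root:
        home, cwd = join(root, "home"), join(root, "cwd")
        os.makedirs(home)
        os.makedirs(cwd)
        misplaced = join(root, "elsewhere-ldap.conf")
        with open(misplaced, "w") as fh:
            fh.write("# constructed sample\nTLS_REQCERT demand\n")
        system_conf = join(root, "etc", "ldap.conf")   # assumed path, absent here
        before = effective_option("TLS_REQCERT", {}, home, cwd, system_conf)
        after = effective_option("TLS_REQCERT", {"LDAPCONF": misplaced}, home, cwd, system_conf)
        return before, after, misplaced
```

In `demo()`, `before` comes back as `(None, None)`: with the file outside the searched locations, changing TLS_REQCERT inside it has no effect on the client, which matches the behaviour reported in the post.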