[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL problem - unsupported certificate

Subject: Re: TLS/SSL problem - unsupported certificate
From: Tony Earnshaw <tonni@hetnet.nl>
Date: Wed, 11 Apr 2007 10:41:05 +0200
Cc: openldap-software@openldap.org
In-reply-to: <461C7C2D.1080500@symas.com>
References: <b29e0c790704100820y315af7abo956846e47f10f637@mail.gmail.com> <461C57B9.8040707@hetnet.nl> <461C7C2D.1080500@symas.com>
User-agent: Thunderbird 2.0.0.0 (X11/20070326)

Howard Chu wrote, on 11. apr 2007 08:11:

[...]

So, if the goal is to use certificate-based authentication, then the solution is to generate a proper certificate without any usage restrictions on it, or one that says it can be used for client authentication.

If the goal isn't to use certificate-based authentication, then some of your advice is correct.

It seemed to me that OP was simply trying to establish an encrypted connection, as so many have done in the past and slapd was barfing on a missing client cert.

But you don't know enough at this point to say for certain. Ask for clarification before offering advice.


Indeed. I'll remember that :)

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl

Follow-Ups:
- Re: TLS/SSL problem - unsupported certificate
  - From: Howard Chu <hyc@symas.com>

References:
- TLS/SSL problem - unsupported certificate
  - From: "Antonio Camacho" <antcam@gmail.com>
- Re: TLS/SSL problem - unsupported certificate
  - From: Tony Earnshaw <tonni@hetnet.nl>
- Re: TLS/SSL problem - unsupported certificate
  - From: Howard Chu <hyc@symas.com>

Prev by Date: RE: Ldapsearch on multiple attributes
Next by Date: documentation for security ssf-settings
Index(es):
- Chronological
- Thread