[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS bare minimum





--On June 5, 2007 6:02:21 PM -0400 "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov> wrote:

ok so I've learned a little bit more about ldapsearch
on the server running TLS I can use the -ZZ directive and connect
then next thing I did was to try and connect from a different machine
using -ZZ with this command
ldapsearch -ZZ -x -h serveraddress -v -b
'uid=tester,ou=People,dc=test,dc=com' this results in the following output
ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

ok fine, that is correct, it does not have the CA cert to use, I tried to
copy the CAcert from the Ldap server but I still get the same error

Did you tell ldapsearch where to find the CA cert? (hint: .ldaprc or ldap.conf)


--Quanah


-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration