[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS bare minimum

To: "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov>, openldap-software@openldap.org
Subject: RE: TLS bare minimum
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Tue, 05 Jun 2007 15:08:38 -0700
Content-disposition: inline
In-reply-to: <FC6B3E97A88F754180D924680FE66004030C62@nihcesmlbx2.nih.gov>
References: <FC6B3E97A88F754180D924680FE66004069ED6@nihcesmlbx2.nih.gov> <D6AF42FEF8CD35DDD1232110@deus-ex.zimbra.com> <FC6B3E97A88F754180D924680FE66004030C62@nihcesmlbx2.nih.gov>

--On June 5, 2007 6:02:21 PM -0400 "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov> wrote:

ok so I've learned a little bit more about ldapsearch
on the server running TLS I can use the -ZZ directive and connect
then next thing I did was to try and connect from a different machine
using -ZZ with this command
ldapsearch -ZZ -x -h serveraddress -v -b
'uid=tester,ou=People,dc=test,dc=com' this results in the following output
ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

ok fine, that is correct, it does not have the CA cert to use, I tried to
copy the CAcert from the Ldap server but I still get the same error

Did you tell ldapsearch where to find the CA cert? (hint: .ldaprc or ldap.conf)

--Quanah


--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- TLS bare minimum
  - From: "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov>
- Re: TLS bare minimum
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: TLS bare minimum
  - From: "West, Jon (NIH/NIMH) [C]" <wjon@mail.nih.gov>

Prev by Date: RE: TLS bare minimum
Next by Date: Re: Need to build LDAP on Win64 (IA/EM64T) platform
Index(es):
- Chronological
- Thread