Re: Client says Can't contact LDAP server, but it can!

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Monday, July 28, 2008 11:30 AM -0700 John Oliver 
<joliver@john-oliver.net> wrote:

> On Mon, Jul 28, 2008 at 09:20:23AM +0200, Buchan Milne wrote:
> > Or, ensure that the "CA certificate" that the clients use contains the
> > certificates of the issuer of both of the server certificates, and that
> > the  value of the subject CN on both certificates matches the name you
> > use to  connect to the servers.
>
> I've tried:
>
> openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout
> server.pem -days 3650

This generates a self-signed cert without a CA.  That's part of the root of 
your problem.  By your own email, you have no concept of how SSL signing 
and authority works.  Yet you reject the advice that's been given out of 
hand.  Go back to the link I sent you, and set up your certs correctly, 
which a valid self-generated CA, or do as others have suggested, stop using 
SSL until you understand how it works.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration