
Self-signed server cert within our corp = failure



OpenLDAP 2.4.11 client

How do I subvert this bogusness?  The cert is legit.

% /usr/rcf/bin/ldapsearch -d 1 -v -ZZ -h ldap.our.com -p 4890 -D uid=jblaine -W mail=jblaine@our.com emailmailbox
...
res_errno: 0, res_error: <Start TLS request accepted.Server willing to negotiate SSL.>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 2, err: 19, subject: /O=our.com/OU=Certificate Authority/CN=SuperDuper Corporation Root CA-1, issuer: /O=our.com/OU=Certificate Authority/CN=SuperDuper Corporation Root CA-1
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
ldap_err2string
ldap_start_tls: Connect error (-11)
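
Added example (not part of the original post): a small Python parser that reads the `-d 1` trace above and reports which certificate in the chain failed verification and why. The error meanings are OpenSSL's X509 verify codes and `TLS_CACERT` is the ldap.conf(5) client option; `diagnose` and the `action` wording are this example's own, and the sample lines are copied from the trace.

```python
import re

# OpenSSL X509 verify result codes that indicate a trust-anchor problem.
X509_ERRORS = {
    18: "self-signed certificate (leaf)",
    19: "self-signed certificate in certificate chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

VERIFY_RE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>.+?), issuer: (?P<issuer>.+)$"
)

# Sample input: the two verification lines from the trace in the post.
SAMPLE = (
    "TLS certificate verification: depth: 2, err: 19, "
    "subject: /O=our.com/OU=Certificate Authority/CN=SuperDuper Corporation Root CA-1, "
    "issuer: /O=our.com/OU=Certificate Authority/CN=SuperDuper Corporation Root CA-1\n"
    "TLS certificate verification: Error, self signed certificate in certificate chain\n"
)

def diagnose(trace):
    """Return one finding per failed verification line in an OpenLDAP debug trace."""
    findings = []
    for line in trace.splitlines():
        m = VERIFY_RE.search(line)
        if not m or int(m["err"]) == 0:
            continue  # not a verification line, or verification succeeded
        depth, err = int(m["depth"]), int(m["err"])
        is_root = m["subject"].strip() == m["issuer"].strip()
        if is_root and depth > 0:
            action = "trust this CA on the client: add its certificate to the file named by TLS_CACERT in ldap.conf"
        elif is_root:
            action = "server certificate itself is self-signed; trust it explicitly or reissue it from the CA"
        else:
            action = "an intermediate or issuer certificate is missing from the client CA file or server chain"
        findings.append({
            "depth": depth, "err": err, "is_root": is_root,
            "meaning": X509_ERRORS.get(err, "other verify error"),
            "subject": m["subject"].strip(), "action": action,
        })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print("depth %(depth)d err %(err)d: %(meaning)s\n  %(subject)s\n  -> %(action)s" % f)
```

On the trace in the post this reports depth 2, err 19, with subject equal to issuer: the certificate being rejected is the root CA at the top of the chain, which the client does not have as a trust anchor.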