Re: Self-signed server cert within our corp = failure
Hi,
You need to find out where your ldap.conf file is and add an entry to that:
    TLSREQCERT allow
This directive makes the client allow and complete the SSL handshake
even if the server cert does not match.
This error that you get is because of the fact that either the CN of
the server and the issuer are the same or something like that. That is
probably error codes 18 or 19 (SSL error codes).
Just try this out to be more clear:
    $ openssl s_client -connect x.x.x.x:636 -showcerts
Which will barf out the error codes.
Thanks,
Shawn
Quoting Quanah Gibson-Mount <quanah@zimbra.com>:
> --On Thursday, January 22, 2009 2:20 PM -0500 Jeff Blaine
> <jblaine@kickflop.net> wrote:
>
>> OpenLDAP 2.4.11 client
>> How do I subvert this bogusness? The cert is legit.
>
> Provide the CA.
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
--
Sankhadip Sengupta
School of Computing,
University of Utah,
Utah-84112,
U.S.A.
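
Added example, not part of the original messages: an offline reproduction of verify error 18 (self-signed certificate at depth 0; 19 is a self-signed certificate higher in the chain) and of the "Provide the CA" fix, which clears the error while leaving certificate checking on. The host name, file names and CA path are constructed for the demo; TLS_CACERT and TLS_REQCERT are the option names documented in ldap.conf(5).

```shell
#!/bin/sh
# Added example; every name below (ldap.example.test, server.pem,
# /path/to/corp-ca.pem) is a constructed placeholder, not from the thread.

# make_selfsigned DIR: create a throwaway self-signed server cert in DIR.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ldap.example.test" \
        -keyout "$1/server.key" -out "$1/server.pem" >/dev/null 2>&1
}

# verify_code CERT [CAFILE]: print 0 if CERT verifies, otherwise the
# X.509 verify error number reported by "openssl verify".
verify_code() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case "$out" in
        *": OK"*) echo 0 ;;
        *) printf '%s\n' "$out" |
               sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

# client_conf CAFILE: ldap.conf lines that trust CAFILE and keep the
# client's certificate check mandatory.
client_conf() {
    printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" || { rm -rf "$dir"; return 1; }
    # Without a trust anchor the client cannot build a chain.
    echo "no CA supplied:  verify code $(verify_code "$dir/server.pem")"
    # A self-signed cert is its own issuer, so it is also the CA file.
    echo "CA supplied:     verify code $(verify_code "$dir/server.pem" "$dir/server.pem")"
    client_conf /path/to/corp-ca.pem
    rm -rf "$dir"
}
demo
```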