Re: TLS Connection Failure
Radomir Klacza <rklacza@melog.com> writes:
> Hi all,
> I'm trying to establish a TLS connection with my newly configured
> OpenLDAP server, but all the time I get the TLS Connection Failure
> error.
>
> I have the following configuration in slapd.conf:
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSVerifyClient never
>
> The CA and certs were created in accordance with this tutorial:
> http://www.openldap.org/faq/data/cache/185.html
[...]
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (-11)
>
> client is configured:
> TLS_CACERT /etc/openldap/cacert.pem
Does the client have read access to /etc/openldap/ldap.conf and to
/etc/openldap/cacert.pem?
> and cacert is the same as on the server.
> I'm using gentoo with openldap 2.4.19-r1 and openssl 0.9.8n
>
> I've been working on it for a long time and currently I have no idea why it
> does not work...
Could you start slapd with -h ldaps:/// and try
openssl s_client -connect <server>:636 -CAfile /path/to/CA -showcerts
and check the CN value of the certificate returned.
-Dieter
--
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
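The two checks Dieter asks for (can the client read the CA file; what CN does the server present) as a small POSIX shell script. This is an added example, not code from the thread; it assumes openssl is in PATH, that slapd was started with -h ldaps:/// on port 636, and that the host name passed in is the one the client's ldap URI uses (with the default TLS_REQCERT demand, libldap rejects a server certificate whose CN or subjectAltName does not match that name).

```shell
#!/bin/sh
# Diagnostic helper for "ldap_start_tls: Connect error (-11)" / "TLS: can't connect".
# Assumptions: openssl in PATH; server listening on ldaps (default port 636).

# Return 0 if the invoking user can read FILE. Run this as the same user that
# runs ldapsearch: a root-only cacert.pem or ldap.conf produces exactly this error.
check_readable() {
    [ -r "$1" ]
}

# Pull the CN out of an "openssl x509 -subject" line. Accepts the RFC2253 form
# "subject=CN=host,O=Org" and the older slash form "subject= /C=PL/CN=host".
extract_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN=\([^,/]*\).*|\1|p'
}

# Probe HOST:PORT with openssl s_client using CAFILE, then report whether the chain
# verified against that CA and whether the certificate CN equals HOST.
# Returns 0 only when both hold; 2 if the CA file is unreadable; 3 if no cert came back.
ldap_tls_probe() {
    host=$1; port=${2:-636}; cafile=$3
    check_readable "$cafile" || { echo "CA file $cafile not readable" >&2; return 2; }
    # Empty stdin makes s_client exit after the handshake instead of waiting for input.
    out=$(printf '' | openssl s_client -connect "$host:$port" -CAfile "$cafile" -showcerts 2>/dev/null)
    # With -showcerts the first PEM block is the server certificate itself.
    pem=$(printf '%s\n' "$out" | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
          | sed '/-----END CERTIFICATE-----/q')
    [ -n "$pem" ] || { echo "no certificate received from $host:$port" >&2; return 3; }
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253)
    cn=$(extract_cn "$subject")
    if printf '%s\n' "$out" | grep -q 'Verify return code: 0 '; then verify=ok; else verify=FAILED; fi
    echo "chain verify against $cafile: $verify; certificate CN: $cn; client expects: $host"
    [ "$verify" = ok ] && [ "$cn" = "$host" ]
}

# Example invocation (only when run directly, so the functions can also be sourced):
if [ "${0##*/}" = "ldap_tls_probe.sh" ]; then
    ldap_tls_probe "${1:?host}" "${2:-636}" "${3:-/etc/openldap/cacert.pem}"
fi
```

A FAILED verify means the CA file is not the one that signed servercrt.pem; a CN mismatch means the client must use the name in the certificate (or the certificate must be reissued for the name the client uses).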