Re: TLS issue (again)
Hi Oliver.
OpenLDAP with NSS. What version? Is that Fedora?
----- Original Message -----
> $ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr
> -W uid=guillard -h ldap2.th3.example.fr
> ldap_start_tls: Connect error (-11)
> additional info: TLS error -8172:Unknown code ___f 20
SEC_ERROR_UNTRUSTED_ISSUER (Peer's certificate issuer has been
marked as not trusted by the user.)
> olcTLSCACertificateFile /etc/openldap/cacerts/CA.crt
> olcTLSCertificateFile /etc/openldap/cacerts/server.crt
> olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key
> olcTLSCipherSuite HIGH
> TLS: error: accept - force handshake failure: errno 11 - moznss error
> -12195
> TLS: can't accept: TLS error -12195:Unknown code ___P 93.
SSL_ERROR_UNKNOWN_CA_ALERT (Peer does not recognize and trust the CA
that issued your certificate.)
> -----BEGIN CERTIFICATE-----
> ...
> -----END CERTIFICATE-----
"openssl x509 -in yourcert.pem -text" gives me:
unable to load certificate
139832255481664:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
139832255481664:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
139832255481664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_VAL
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=validity, Type=X509_CINF
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
139832255481664:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
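
Added example, not part of the original message: a small structural check for a PEM certificate pasted into mail, which strips "> " quoting, validates the base64 and walks the DER elements to find the first one whose declared length runs past its parent, the kind of damage behind an ASN.1 parse failure like the one above. The function names are hypothetical, the sample bytes are constructed and are not a real certificate, and only single-byte tags are handled.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(text):
    """Extract the first CERTIFICATE block, dropping '> ' quoting and whitespace."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode(re.sub(r"[>\s]", "", m.group(1)), validate=True)

def walk(buf, off, end, depth=0):
    """Walk DER TLVs in buf[off:end]; return [(depth, offset, tag, length)]."""
    nodes = []
    while off < end:
        if off + 2 > end:
            raise ValueError(f"truncated header at offset {off}")
        tag, length, hdr = buf[off], buf[off + 1], 2
        if length >= 0x80:                    # long form: next n bytes hold the length
            n = length & 0x7F
            if n == 0 or off + 2 + n > end:
                raise ValueError(f"bad length encoding at offset {off}")
            length = int.from_bytes(buf[off + 2:off + 2 + n], "big")
            hdr += n
        if off + hdr + length > end:          # element claims more bytes than its parent has
            raise ValueError(f"header too long at offset {off}")
        nodes.append((depth, off, tag, length))
        if tag & 0x20:                        # constructed type: descend into its content
            nodes += walk(buf, off + hdr, off + hdr + length, depth + 1)
        off += hdr + length
    return nodes

def check_pem(text):
    """Return (True, element_count) or (False, reason) for a pasted PEM certificate."""
    try:
        der = pem_to_der(text)
        return True, len(walk(der, 0, len(der)))
    except ValueError as exc:                 # binascii.Error is a ValueError subclass
        return False, str(exc)

# Constructed sample (not a real certificate): mimics X509 -> cert_info -> validity nesting.
def tlv(tag, content):
    return bytes([tag, len(content)]) + content

validity = tlv(0x30, tlv(0x17, b"130101000000Z") + tlv(0x17, b"140101000000Z"))
GOOD_DER = tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + validity))
BAD_DER = GOOD_DER[:25] + b"\x7f" + GOOD_DER[26:]   # corrupt the second time's length byte
def quoted_pem(der):                                # wrap as a "> "-quoted mail paste
    return "> -----BEGIN CERTIFICATE-----\n> %s\n> -----END CERTIFICATE-----\n" % base64.b64encode(der).decode()
```

A clean result from `check_pem` only says the encoding is structurally intact; trust in the issuer still has to be checked separately against the CA file.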