Re: TLS/SSL issues
Paul Stephens wrote:
Hi,
Having problems getting my TLS setup working.
Current setup:
Ubuntu 11.10 (3.0.0-16 server)
OpenLDAP 2.4.25
I have been using the instructions at:
https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html though to be
honest I am relatively new to TLS and using certtool, etc. I have now been
copy and pasting the commands given in case my typing is as good as it usually is.
Unencrypted LDAP works fine including syncing with a slave and samba
authentication (non-TLS that is!)
It appears to be something to do with the self-signed certificate not being
trusted and seems to be a common problem people run into. I have been
researching it for a while but at this stage I'm kind of just trying randomly
browsed suggestions, with most admittedly geared towards previous OpenLDAP
versions and not really assisting with my understanding of the problem in the
first place.
You should read the OpenLDAP Admin Guide.
http://www.openldap.org/doc/admin24/tls.html
The Ubuntu doc you read is not wrong, but it only told you how to configure
the server. (Obviously, since it's labelled a "serverguide"). You also need to
do some client side configuration. The OpenLDAP Admin Guide chapter on TLS
tells you how to do both.
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
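
The client-side configuration mentioned in the reply is read from the client's ldap.conf. The following is an added example, not part of the original message or of OpenLDAP: a small check that reports whether a client ldap.conf names a CA for the server certificate and whether certificate checking has been weakened. The sample file contents, host name and CA path are constructed.

```python
# Added example: audit an OpenLDAP client ldap.conf for TLS trust settings.
# All sample file contents and the CA path below are constructed.

# TLS_REQCERT levels at which a bad server certificate does not abort the session.
WEAK_REQCERT = {"never", "allow"}

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive;
    blank lines and lines beginning with '#' are ignored."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_tls(text):
    """Return a list of findings about the client's TLS trust configuration."""
    opts = parse_ldap_conf(text)
    findings = []
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: the CA that signed "
                        "the server certificate is not named in this file")
    # TLS_REQCERT defaults to 'demand' when it is not set.
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert in WEAK_REQCERT:
        findings.append("TLS_REQCERT %s: an untrusted server certificate "
                        "will be accepted" % reqcert)
    return findings

# Constructed sample: server configured, client left untouched.
SERVER_ONLY_SETUP = "BASE dc=example,dc=com\nURI ldap://ldap.example.com\n"
# Constructed sample: the error is silenced by switching verification off.
TRUST_DISABLED = SERVER_ONLY_SETUP + (
    "TLS_CACERT /etc/ssl/certs/cacert.pem\ntls_reqcert never\n")
# Constructed sample: the CA is trusted and verification stays on.
CA_TRUSTED = SERVER_ONLY_SETUP + (
    "# CA that signed the slapd certificate\n"
    "TLS_CACERT /etc/ssl/certs/cacert.pem\nTLS_REQCERT demand\n")

if __name__ == "__main__":
    for name, conf in [("server-only", SERVER_ONLY_SETUP),
                       ("trust disabled", TRUST_DISABLED),
                       ("CA trusted", CA_TRUSTED)]:
        print(name, "->", audit_tls(conf) or "ok")
```

Settings in a user's ldaprc file or in LDAPTLS_* environment variables can override ldap.conf, so a clean result for one file does not cover those sources.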