[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SSL/TLS issue

To: "'Aaron Richton'" <richton@nbcs.rutgers.edu>
Subject: RE: SSL/TLS issue
From: "Darouichi, Aziz" <adarouic@post03.curry.edu>
Date: Mon, 15 Oct 2012 12:01:59 -0400
Accept-language: en-US
Acceptlanguage: en-US
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-language: en-US
In-reply-to: <alpine.SOC.2.02.1210151144120.4356@toolbox.rutgers.edu>
References: <2398337E30371A47B556742B49C7805B5BF4A10FA5@EXCCRMBX01.Currynet.local> <alpine.SOC.2.02.1210151144120.4356@toolbox.rutgers.edu>
Thread-index: Ac2q7ALUwwPgl1fyS8uhMuC21xrl2QAAA3Fw
Thread-topic: SSL/TLS issue

Yes, I double checked ldap.conf  and its pointing to cacert.pem directive.

BASE    dc=curry,dc=edu
URI     ldaps://ldap-ssl.curry.edu
TLS_REQCERT allow
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_CACERTDIR /opt/local/etc/openldap/cacert.pem

Thanks



-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] 
Sent: Monday, October 15, 2012 11:45 AM
To: Darouichi, Aziz
Cc: openldap-technical@openldap.org
Subject: Re: SSL/TLS issue

On Mon, 15 Oct 2012, Darouichi, Aziz wrote:

> TLS trace: SSL3 alert write:fatal:unknown CA

Did you (try to) configure the CA on your client (i.e. in ldap.conf or 
similar)? For example, a "TLS_CACERT" or "TLS_CACERTDIR" directive that 
points to the appropriate CA certificate. See also ldap.conf(5) man page.

Follow-Ups:
- RE: SSL/TLS issue
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

References:
- SSL/TLS issue
  - From: "Darouichi, Aziz" <adarouic@post03.curry.edu>
- Re: SSL/TLS issue
  - From: Aaron Richton <richton@nbcs.rutgers.edu>

Prev by Date: Re: SSL/TLS issue
Next by Date: RE: SSL/TLS issue
Index(es):
- Chronological
- Thread