
RE: SSL/TLS issue



This is the link I followed to create the CA and sign it
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#7.0

If I run a cert check from the client using the following
 openssl s_client -connect ldap-ssl.curry.edu:636 -CApath /opt/local/etc/openldap/caert.pem

I get a response.  

 Verify return code: 19 (self signed certificate in certificate chain)


What else am I missing?

Thanks,


Aziz

-----Original Message-----
From: Aaron Richton [mailto:richton@nbcs.rutgers.edu] 
Sent: Monday, October 15, 2012 12:06 PM
To: Darouichi, Aziz
Cc: openldap-technical@openldap.org
Subject: RE: SSL/TLS issue

On Mon, 15 Oct 2012, Darouichi, Aziz wrote:

> TLS_CACERTDIR /opt/local/etc/openldap/cacert.pem

Not that I want to impose my filename conventions on you, but usually if I 
had a "cacert.pem" it would be a file, not a directory...and as such, it 
would be TLS_CACERT instead of TLS_CACERTDIR? Was this intentional?

If it is a directory and you're using OpenSSL, did you remember to do the 
OpenSSL directory hashing magic?
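
Added example, not part of the original thread: a self-contained run showing how OpenSSL treats a CA file (TLS_CACERT, -CAfile) versus a CA directory (TLS_CACERTDIR, -CApath), including the subject-hash links a directory needs. The CA, the server certificate, the host name and all paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names and paths are constructed; needs only the openssl CLI.

# Create a throwaway CA (cadir/cacert.pem) and a server cert signed by it in $1.
make_demo_pki() {
    d=$1
    mkdir -p "$d/cadir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/cadir/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/cadir/cacert.pem" \
        -CAkey "$d/ca.key" -set_serial 1 -days 1 -out "$d/srv.pem" 2>/dev/null
}

# -CAfile expects one PEM file (what TLS_CACERT points at).
verify_with_file() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# -CApath expects a directory of <subject-hash>.N links (TLS_CACERTDIR).
verify_with_dir() { openssl verify -CApath "$1" "$2" >/dev/null 2>&1; }

# Create the <subject-hash>.0 link OpenSSL looks up for each *.pem in dir $1.
# (.0 is the first slot; a second CA with the same hash would need .1)
hash_ca_dir() {
    for c in "$1"/*.pem; do
        h=$(openssl x509 -noout -hash -in "$c") || continue
        ln -sf "$(basename "$c")" "$1/$h.0"
    done
}

result() { if "$@"; then echo ok; else echo FAIL; fi; }

demo() {
    tmp=$(mktemp -d)
    make_demo_pki "$tmp"
    ca=$tmp/cadir/cacert.pem
    echo "CAfile=<file>:          $(result verify_with_file "$ca" "$tmp/srv.pem")"
    echo "CApath=<file>:          $(result verify_with_dir "$ca" "$tmp/srv.pem")"
    echo "CApath=<dir>, unhashed: $(result verify_with_dir "$tmp/cadir" "$tmp/srv.pem")"
    hash_ca_dir "$tmp/cadir"
    echo "CApath=<dir>, hashed:   $(result verify_with_dir "$tmp/cadir" "$tmp/srv.pem")"
    rm -rf "$tmp"
}
demo
```

Only the first and last cases verify: a file handed to -CApath, or a directory without hash links, leaves OpenSSL unable to find the issuing CA.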