Re: SSL/TLS issue

[cbulist <cbulist@gmail.com>]

-When you create the certificate did you use the FQDN of your server?
-Did you compile openldap with tls support?

On 10/15/2012 10:36 AM, Darouichi, Aziz wrote:

Hi,

 

 

I am running Openldap-2.4.32,  BD-5.3.21 and openssl-1.0.1c on RHEL 5.5. I  created CA cert and singed it but when I run ldeapsearch  with –ZZ I get the following error:

 

TLS trace: SSL_connect:before/connect initialization

TLS trace: SSL_connect:SSLv2/v3 write client hello A

TLS trace: SSL_connect:SSLv3 read server hello A

TLS certificate verification: depth: 1, err: 19, subject: /C=US/ST=Mass/O=Curry College/OU=Technology Center/CN=LDAP-SSL.curry.edu/emailAddress=adarouic@curry.edu, issuer: /C=US/ST=Mass/O=Curry College/OU=Technology Center/CN=LDAP-SSL.curry.edu/emailAddress=adarouic@curry.edu

TLS certificate verification: Error, self signed certificate in certificate chain

TLS trace: SSL3 alert write:fatal:unknown CA

TLS trace: SSL_connect:error in SSLv3 read server certificate B

TLS trace: SSL_connect:error in SSLv3 read server certificate B

TLS: can't connect.

ldap_perror

ldap_start_tls: Connect error (-11)

        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

 

 

Please let me know if I missed something in my configuration.

 

 

Thanks,

 

 

Aziz