Seshadri, Anitha wrote:
> I would like to open a discussion with OpenLDAP team.

Please don't spam all these e-mail addresses. openldap-technical@openldap.org is sufficient for asking OpenLDAP usage questions.

> We are currently using OpenLDAP 2.4.16 version on Win 64. We are using RSA and MES Shareadapter internally to build the openldap libs.
>
> I am getting the below error when I use Sha-256 (2048 key length) certificates:
>
> ldap_sasl_bind_s: Can't contact LDAP server (-1) error:14090086:SSL routines: SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> I am using the option LDAP_OPT_X_TLS_CACERTDIR and pass the cert directory which has the certificates. This fails.
> But the same passes when I use LDAP_OPT_X_TLS_CACERTFILE and point to the certificate which is of .pem format.

I assume you're using the OpenLDAP client libs on Windows. Furthermore I assume that you've linked OpenLDAP to the OpenSSL libs. If yes, then using LDAP_OPT_X_TLS_CACERTDIR might fail since you did not put the CA certs with hash-based file names into there. Normally on Unixoid systems like Linux one creates symbolic links with the cert hash as name.

So this seems rather to be a question on how to correctly use OpenSSL on Windows.

Ciao, Michael.
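The layout Michael refers to, as an added example that is not part of the thread: OpenSSL's CA directory lookup (what LDAP_OPT_X_TLS_CACERTDIR hands to OpenSSL) does not scan the directory; it opens files named `<subject hash>.<n>`, where the hash comes from `openssl x509 -subject_hash`. The script below generates a constructed throw-away CA and leaf certificate, drops the CA file into one directory under its original name and into another under its hashed name, and shows with `openssl verify -CApath` that only the hashed copy is found. All file names and the `ldap.example.test` subject are assumptions of the example. Note that OpenSSL 1.0.0 changed the subject-hash algorithm, so a directory built against an older OpenSSL needs rehashing (`-subject_hash_old` prints the pre-1.0.0 value); a mismatch between the hash version and the linked OpenSSL produces the same "certificate verify failed" outcome.

```shell
#!/bin/sh
# Added example, not code from the thread: build a hashed CA directory of the
# kind OpenSSL (and therefore LDAP_OPT_X_TLS_CACERTDIR) expects, and show that
# the same CA file is only found once it carries the hash-based name.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed throw-away CA and a leaf certificate signed by it; none of this
# is real key material, and the subjects are made up for the example.
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 1 \
    -subj "/CN=Constructed Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
openssl x509 -req -sha256 -days 1 -set_serial 1 \
    -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -out "$WORK/leaf.pem" >/dev/null 2>&1

# install_ca CERT DIR: copy CERT into DIR under the name <subject hash>.<n>.
# A plain copy works on Windows as well; on Unix a symlink with the same
# name is the usual form. <n> increments so several CAs whose subjects
# collide on the hash can coexist in one directory.
install_ca() {
    cert=$1; dir=$2
    hash=$(openssl x509 -noout -subject_hash -in "$cert")
    n=0
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
    cp "$cert" "$dir/$hash.$n"
    echo "$dir/$hash.$n"
}

# verify_against DIR LEAF: exit 0 iff LEAF chains to a CA that OpenSSL can
# locate in DIR by hashed file name.
verify_against() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Directory 1: the CA file dropped in under its original name (the situation
# the thread describes). Directory 2: the same file under its hashed name.
UNHASHED="$WORK/cadir-plain"; HASHED="$WORK/cadir-hashed"
mkdir -p "$UNHASHED" "$HASHED"
cp "$WORK/ca.pem" "$UNHASHED/ca.pem"
INSTALLED=$(install_ca "$WORK/ca.pem" "$HASHED")

if verify_against "$UNHASHED" "$WORK/leaf.pem"; then
    echo "unexpected: plain-named CA file was found"
else
    echo "plain-named CA file ($UNHASHED/ca.pem): certificate verify failed, as expected"
fi
if verify_against "$HASHED" "$WORK/leaf.pem"; then
    echo "hash-named CA file ($INSTALLED): verification OK"
fi
```

The same directory works for the OpenLDAP client once `TLS_CACERTDIR` (ldap.conf) or `LDAP_OPT_X_TLS_CACERTDIR` (API) points at it, because the lookup is OpenSSL's. OpenSSL 1.1.0 and later ship `openssl rehash DIR` (and older releases the `c_rehash` script), which creates these names for every certificate in a directory; the loop above does the same for a single file without relying on symlinks.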