OK. I got it working.
I had to add

TLS_REQCERT never

in ldap.conf



--
Ashwin kumar
(http://ashwinkumar.me)


On Wed, May 15, 2013 at 1:07 PM, Ashwin Kumar <ashwinkumar...@gmail.com> wrote:

> I am using Apache Directory Studio and I have set up the server to run
> securely on SSL.
> This guide helped me get it working:
> http://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html
>
> However, when I do use command line tools (ldapsearch)
> I end up with:
> "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
>
> Enabling the debug logging for ldapsearch, I end up with
> "TLS certificate verification: Error, self signed certificate"
>
> C:\Users\Ashwin>ldapsearch -x -H ldaps://localhost:10636 -d 1
> ldap_url_parse_ext(ldaps://localhost:10636)
> ldap_create
> ldap_url_parse_ext(ldaps://localhost:10636/??base)
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_new_connection 1 1 0
> ldap_int_open_connection
> ldap_connect_to_host: TCP localhost:10636
> ldap_new_socket: 472
> ldap_prepare_socket: 472
> ldap_connect_to_host: Trying ::1 10636
> ldap_pvt_connect: fd: 472 tm: -1 async: 0
> attempting to connect:
> connect errno: 10061
> ldap_close_socket: 472
> ldap_new_socket: 472
> ldap_prepare_socket: 472
> ldap_connect_to_host: Trying 127.0.0.1:10636
> ldap_pvt_connect: fd: 472 tm: -1 async: 0
> attempting to connect:
> connect success
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:SSLv2/v3 write client hello A
> TLS trace: SSL_connect:SSLv3 read server hello A
> TLS certificate verification: depth: 0, err: 18, subject: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar, issuer: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar
> TLS certificate verification: Error, self signed certificate
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate).
> ldap_err2string
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> How do I get this working? Am I missing something?
>
> --
> Ashwin kumar
> (http://ashwinkumar.me)
>
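An added example, not part of the original thread or of OpenLDAP: a small Python check that reads client ldap.conf text and reports settings that turn server-certificate verification off, such as the `TLS_REQCERT never` line above. The function names, the sample configs and the certificate path are assumptions made for illustration.

```python
# Added example: audit an OpenLDAP client ldap.conf for weakened TLS checking.
# Level meanings follow the ldap.conf(5) description of TLS_REQCERT.
WEAK = {
    "never": "server certificate is not requested or checked",
    "allow": "a bad server certificate is ignored and the session proceeds",
}
STRICT = {"try", "demand", "hard"}


def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive, last wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(text):
    """Return a list of findings; an empty list means verification is enforced."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    findings = []
    if level in WEAK:
        findings.append(f"TLS_REQCERT {level}: {WEAK[level]}")
    elif level not in STRICT:
        findings.append(f"TLS_REQCERT {level}: unrecognised level")
    if level not in WEAK and not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT/TLS_CACERTDIR: this file names no trusted CA")
    return findings


# Constructed sample inputs. AS_POSTED is the setting from the thread;
# PINNED trusts the server's own certificate instead (the path is a placeholder).
AS_POSTED = "TLS_REQCERT never\n"
PINNED = """\
# exported ApacheDS certificate, PEM format (hypothetical path)
TLS_CACERT   C:\\OpenLDAP\\certs\\apacheds.pem
tls_reqcert  demand
"""

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("pinned", PINNED)):
        print(name, "->", audit(conf) or "verification enforced")
```

With verification enforced, libldap also matches the host name in the URL against the certificate, so going by the CN in the trace the client would connect as ldaps://zanzibar:10636 rather than localhost.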
