From: Fran Fabrizio <[EMAIL PROTECTED]>
Date: Thu, 31 Aug 2006 15:03:28 -0500
X-Message-Number: 2
I'm trying to configure TLS to verify the server cert. It's failing
with this:
]# ldapsearch -Z -h throne.cis.uab.edu -x
ldap_start_tls: Connect error (91)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[EMAIL PROTECTED] openldap]#
The cacert.pem on the client looks like this:
# pwd
/etc/openldap/cacerts
# ls -l
total 4
-rw-r--r-- 1 root root 1350 Aug 31 14:40 cacert.pem
# openssl x509 -in cacert.pem -text
The client has in /etc/openldap/ldap.conf:
tls_reqcert try
TLS_CACERTDIR /etc/openldap/cacerts
It looks like everything is in order.
Re-read the ldap.conf(5) manpage or the OpenLDAP Admin Guide. Your
cacerts directory is not configured correctly for use with the
TLS_CACERTDIR directive.
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
---
You are currently subscribed to ldap@umich.edu as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
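An added example, not part of this thread and not OpenLDAP or OpenSSL code, showing the check and the fix behind Howard's reply. OpenSSL does not scan a CA directory; it opens files named <subject_hash>.<n> (the hash printed by "openssl x509 -subject_hash"), which is why the Admin Guide says a TLS_CACERTDIR directory must be managed with c_rehash. A directory that holds only cacert.pem, as in the post, is therefore never consulted and the handshake ends in "certificate verify failed" even though the certificate itself is fine. The single-file alternative, TLS_CACERT /etc/openldap/cacerts/cacert.pem, has no such requirement. The function names check_cacertdir and rehash_cacertdir are hypothetical, the temporary directories are constructed, and the hash name 2e5ac55d.0 used in the demo is invented, not a real CA's hash.

```shell
#!/bin/sh
# Added example (not from the thread, not OpenLDAP or OpenSSL code).
# OpenSSL resolves a CA directory by opening <subject_hash>.<n>, where the
# hash comes from "openssl x509 -subject_hash"; it never scans the directory.
# A directory holding only cacert.pem therefore yields "certificate verify
# failed" even though the file itself is a valid CA certificate.

# check_cacertdir DIR: succeed if DIR has at least one hash-named entry
# (8 hex digits, a dot, a decimal suffix), which is what TLS_CACERTDIR needs.
check_cacertdir() {
    dir=$1
    for entry in "$dir"/*; do
        case "${entry##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                return 0 ;;
        esac
    done
    echo "$dir: no <subject_hash>.<n> entries; TLS_CACERTDIR lookups will fail" >&2
    return 1
}

# rehash_cacertdir DIR: create the hash symlinks for every certificate in
# DIR/*.pem (the same thing the c_rehash script does). Needs the openssl
# binary. Files that are not certificates (e.g. private keys) are skipped.
rehash_cacertdir() {
    dir=$1
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        if ! subj_hash=$(openssl x509 -noout -subject_hash -in "$pem" 2>/dev/null); then
            echo "skipping $pem: not a certificate" >&2
            continue
        fi
        # Several CAs can share a hash; OpenSSL tries .0, .1, ... in turn.
        n=0
        while [ -e "$dir/$subj_hash.$n" ]; do n=$((n + 1)); done
        ln -s "${pem##*/}" "$dir/$subj_hash.$n"
        echo "$dir/$subj_hash.$n -> ${pem##*/}"
    done
}

# demo: two constructed directories. The hash name 2e5ac55d.0 is invented,
# not a real CA's hash, and the .pem files are empty placeholders; the check
# only looks at file names, so no real certificate is needed here.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/broken" "$tmp/ok"
    : > "$tmp/broken/cacert.pem"             # the layout from the post
    : > "$tmp/ok/cacert.pem"
    ln -s cacert.pem "$tmp/ok/2e5ac55d.0"    # what c_rehash would add
    if check_cacertdir "$tmp/broken"; then echo "broken: unexpectedly passed"; fi
    if check_cacertdir "$tmp/ok"; then echo "ok: hashed layout found"; fi
    rm -rf "$tmp"
}

demo
```

Run rehash_cacertdir against the real directory (here /etc/openldap/cacerts) once after adding or replacing a CA file, then re-run the ldapsearch from the post; check_cacertdir is the quick test to put in a provisioning script so a directory that only contains loose .pem files is caught before clients start failing TLS.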