> Here's the output of a test I ran:
>
> [EMAIL PROTECTED] openldap]# openssl s_client -connect localhost:389
> -showcerts
> -state -CAfile /usr/share/ssl/certs/cacert.pem
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> 24425:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:226:
>
> For a bit more detail on the possible nature of the handshake failure,
> here is a snippet from the attempt to run a replication over TLS:
>
> TLS certificate verification: depth: 1, err: 19, subject:
> /C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
> Certificate Authority/[EMAIL PROTECTED], issuer:
> /C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
> Certificate Authority/[EMAIL PROTECTED]
> TLS certificate verification: Error, self signed certificate in
> certificate chain
> tls_write: want=7, written=7
> 0000: 15 03 01 00 02 02 30 ......0
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect.
> ldap_err2string
> Error: ldap_start_tls failed: Connect error (-11)
> ldap_unbind
> ldap_free_connection
> ldap_send_unbind
> ber_flush: 7 bytes to sd 6
> 0000: 30 05 02 01 02 42 00 0....B.
> ldap_write: want=7, written=7
> 0000: 30 05 02 01 02 42 00 0....B.
> ldap_free_connection: actually freed
> fm: exiting
>

Hi James,

Please could you show the TLS configuration from your slapd.conf and also the ldap.conf file on the client side?

Sam
