Hi,

please stay on the mailing list.

Rick Stevens <[email protected]> writes:
> Dieter Kluenter wrote:
>> Rick Stevens <[email protected]> writes:
>>
>>> I know this has been hashed over before, but I simply cannot get my
>>> LDAP clients to talk TLS/SSL to my LDAP server. I keep getting
>>>
>>> TLS certificate verification: Error, self signed certificate in
>>> certificate chain
>> This error may not be the culprit, if the error (or warning) is
>> referring to the CA.
>> What is the CN of the server certificate and what is the host part of
>> your search string?
>
> The CN of the server certificate is:
>
> CN=bigdog.hci.com/[email protected]
>
> The host part of the search is "-h bigdog.hci.com"
>
>> In order to debug the TLS session run ldapsearch with -d3 option.
>
> I never see it try to pick up the server's certificate, just the CA's
> and I see a "TLS trace: SSL3 alert write:fatal:unknown CA" error before
> it dies.

OK, could you please provide the TLS related entries of slapd.conf and
ldap.conf? It seems that the server is not providing a server
certificate but a CA.

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
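
One way to test the hypothesis in the reply above, that slapd is presenting a CA certificate rather than a server certificate, is to classify the PEM file the server is configured to present. This is an added example, not part of the original thread; it assumes the `openssl` command-line tool is installed, and the function name `classify_cert` and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.
# classify_cert PEM_FILE HOSTNAME prints one of:
#   self-issued  subject == issuer (a root CA or a self-signed cert)
#   cn-mismatch  issued by a different name, but CN != HOSTNAME
#   server-ok    issued by a different name and CN == HOSTNAME
# Only the subject CN is compared; subjectAltName entries are ignored,
# which is a simplification.
classify_cert() {
    pem=$1
    host=$2

    # Full subject and issuer names in RFC 2253 form, label stripped.
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 |
        sed 's/^issuer= *//')
    # An empty subject means openssl could not read the file.
    [ -n "$subject" ] || return 2

    if [ "$subject" = "$issuer" ]; then
        echo "self-issued"
        return 0
    fi

    # One attribute per line; keep the last commonName value.
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p' | tail -n 1)

    # Host names compare case-insensitively.
    if [ "$(printf %s "$cn" | tr 'A-Z' 'a-z')" = \
         "$(printf %s "$host" | tr 'A-Z' 'a-z')" ]; then
        echo "server-ok"
    else
        echo "cn-mismatch"
    fi
}

# Usage: pass the file slapd is configured to present and the host
# given to ldapsearch -h, e.g.
#   sh classify.sh /path/to/server-cert.pem bigdog.hci.com
if [ "$#" -eq 2 ]; then
    classify_cert "$1" "$2"
fi
```

A result of `self-issued` for the file named by `TLSCertificateFile` in slapd.conf would match the symptom described in the thread, where the client only ever sees the CA's certificate.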
