Radomir Klacza <[email protected]> writes:

> Hi all,
> I'm trying to establish a TLS connection with my newly configured
> OpenLDAP server, but all the time I get the TLS Connection Failure
> error.
>
> I have the following configuration in slapd.conf:
> TLSCACertificateFile /etc/openldap/cacert.pem
> TLSCertificateFile /etc/openldap/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/serverkey.pem
> TLSVerifyClient never
>
> The CA and certs were created in accordance with this tutorial:
> http://www.openldap.org/faq/data/cache/185.html
[...]
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (-11)
>
> client is configured:
> TLS_CACERT /etc/openldap/cacert.pem

Does the client have read access to /etc/openldap/ldap.conf and to
/etc/openldap/cacert.pem?

> and cacert is the same as on the server.
> I'm using gentoo with openldap 2.4.19-r1 and openssl 0.9.8n
>
> I'm working on it for a long time and currently I have no idea why it
> is not working...

Could you start slapd with -h ldaps:/// and try

openssl s_client -connect <server>:636 -CAfile /path/to/CA -showcerts

and check the CN value of the certificate returned.

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
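The two things Dieter's s_client check surfaces are whether the CA named in TLS_CACERT actually signed the certificate slapd presents, and whether that certificate's CN matches the host name the client connects with. The script below is an added example, not code from this thread or from the OpenLDAP project: it reproduces both checks offline with the openssl command line, using a throwaway CA and server certificate it generates itself (the names "Test LDAP CA", ldap.example.org and the file prefixes are constructed for the demonstration). Run it against a saved copy of the certificate printed by s_client -showcerts to apply the same two checks to a real server.

```shell
#!/bin/sh
# Added example, not code from the thread. Reproduces the check Dieter asks for
# without a running slapd: build a throwaway CA and server certificate with the
# openssl CLI, verify the chain against the CA the client trusts (TLS_CACERT),
# and compare the certificate CN with the host name the client will use.
# Host names, file prefixes and the working directory are all constructed here.
set -e

WORK=${WORK:-$(mktemp -d)}

# Self-signed CA: $1 = output file prefix, $2 = CA common name.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# Server certificate signed by the CA with prefix $2: $1 = output prefix, $3 = CN.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
    openssl x509 -req -days 2 -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -out "$1.pem" >/dev/null 2>&1
}

# The CN of the certificate in $1, the field Dieter asks to read. A certificate
# pasted out of "openssl s_client -showcerts" into a file parses the same way.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Chain check: is the server certificate $2 signed by the CA in $1?
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# What a client trusting the CA $1 effectively checks when it connects to host
# $3 and is handed certificate $2: a valid chain, then a name match.
# Prints "ok" or the reason for the failure; returns 0 or 1 accordingly.
check_server_cert() {
    ca=$1; crt=$2; host=$3
    if ! chain_ok "$ca" "$crt"; then
        echo "chain: $crt is not signed by $ca"
        return 1
    fi
    cn=$(cert_cn "$crt")
    if [ "$cn" != "$host" ]; then
        echo "name mismatch: certificate CN '$cn' but client connects to '$host'"
        return 1
    fi
    echo ok
}

# Demo: one CA plus a server certificate for ldap.example.org (constructed name).
make_ca "$WORK/ca" "Test LDAP CA"
make_server_cert "$WORK/server" "$WORK/ca" ldap.example.org
check_server_cert "$WORK/ca.pem" "$WORK/server.pem" ldap.example.org
# Same certificate, but the client uses the short host name: the CN no longer matches.
check_server_cert "$WORK/ca.pem" "$WORK/server.pem" ldap || true
```

The second demo call is the case that most often hides behind a bare "Connect error": the certificate is perfectly valid, but the client's URI names the server differently (short name, IP address, an alias) from the CN it was issued for. The chain check covers the other common case, a client cacert.pem that is not in fact the CA that signed servercrt.pem, which is what comparing the two copies by hand is meant to rule out.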
