Never mind, got it to work
By setting TLS_REQCERT to allow
“
allow The server certificate is requested. If no certificate is provided, the
session proceeds normally. If a bad certificate is provided, it will be ignored
and the ses‐
sion proceeds normally.
”
Although I am not sure what happens if an untrusted certificate is provided,
would the client server communication not be encrypted?
Thank you,
Amit
From: [email protected]
[mailto:[email protected]] On Behalf Of Kumar, Amit
Sent: Wednesday, December 18, 2013 2:32 PM
To: [email protected]
Subject: TLS: peer cert untrusted or revoked (0x42)
Dear All,
We have installed a newer version of Ubuntu 13.10 and trying to setup LDAP
client.
Context: Self signed server CA certificate in pem format installed on the
client with a hashed symbolic link pointing to it. We have other clients that
are able to validate and are working great, hence I do not think this is a
certificate issue, and also it is not expired.
And I get this legendary error “TLS: peer cert untrusted or revoked (0x42)” for
which number of recommendation have been made online, to set TLS_REQCERT &
TLS_CACERT in the /etc/ldap.conf
Although this did not work for me.
While openssl and gnutls command can successfully connect and validate the
certificate, ldapsearch and getent miserably fails.
Any insight into this error and an approach to fix this will be greatly
appreciated.
Best Regards,
Amit
