TLS trace: SSL3 alert read:fatal:unknown CA
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
unknown ca.
531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing


Self descriptive, I think. Your client doesn't know (trust) the root CA
under which your server is certified. Therefore it can't assert it's
connecting to the genuine server, and prefers to abort the connection.

2014-03-11 14:23 GMT+01:00 Saurabh Ohri <[email protected]>:

> Please help me what could cause this ?
>
> Thanks a ton everyone
>
> Sent from my iPhone
>
> On 11 Mar 2014, at 5:11 pm, saurabh ohri <[email protected]> wrote:
>
> Hi All,
>
> my ldapsearch and other things were working perfectly fine but not sure
> what happened now. Seems some SSL issue. When I am doing ldapsearch I am
> getting below error.
>
> [root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W
> -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com
> Enter LDAP Password:
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
> Logs error:
>
> TLS trace: SSL_accept:SSLv3 flush data
> tls_read: want=5 error=Resource temporarily unavailable
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> 531ecbee daemon: activity on 1 descriptor
> 531ecbee daemon: activity on:531ecbee
> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
> 531ecbee daemon: activity on 1 descriptor
> 531ecbee daemon: activity on:531ecbee  11r531ecbee
> 531ecbee daemon: read active on 11
> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
> 531ecbee connection_get(11)
> 531ecbee connection_get(11): got connid=1000
> 531ecbee connection_read(11): checking for input on id=1000
> tls_read: want=5, got=5
>   0000:  15 03 01 00 02                                     .....
> tls_read: want=2, got=2
>   0000:  02 30                                              .0
> TLS trace: SSL3 alert read:fatal:unknown CA
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca.
> 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
> 531ecbee connection_closing: readying conn=1000 sd=11 for close
> 531ecbee connection_close: conn=1000 sd=11
> 531ecbee daemon: removing 11
> 531ecbee daemon: activity on 1 descriptor
> 531ecbee daemon: activity on:531ecbee
> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
>
> Please suggest.
>
> Regards
> Sam
>
>


-- 
Erwann.
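
Added example, not part of the original thread: the two hex dumps in the quoted slapd log are a single TLS alert record that slapd read from the client, and decoding it confirms the diagnosis above (fatal, unknown_ca). The function names are hypothetical, and the parser assumes the dump layout shown in the log and handles only unencrypted two-byte alerts.

```python
import re

# TLS alert codes (RFC 5246, section 7.2); subset tied to certificate checks.
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca"}
LEVELS = {1: "warning", 2: "fatal"}
HEX_LINE = re.compile(r"^\s*[0-9a-f]{4}:\s+((?:[0-9a-f]{2} )+)", re.I)

# Lines copied from the quoted slapd log above (mail quoting kept).
SAMPLE_LOG = """\
> tls_read: want=5 error=Resource temporarily unavailable
> tls_read: want=5, got=5
>   0000:  15 03 01 00 02                                     .....
> tls_read: want=2, got=2
>   0000:  02 30                                              .0
"""

def read_bytes(log_text):
    """Join the hex dumps that follow successful tls_read lines."""
    data, in_read = bytearray(), False
    for raw in log_text.splitlines():
        line = raw.lstrip("> ")  # tolerate mail quoting and indentation
        m = HEX_LINE.match(line)
        if m:
            if in_read:
                data += bytes.fromhex(m.group(1))
        else:
            in_read = line.startswith("tls_read:") and "got=" in line
    return bytes(data)

def plaintext_alerts(data):
    """Walk TLS records (type, version, length, body); decode 2-byte alerts.
    Alerts sent after encryption starts are longer and are skipped."""
    found, i = [], 0
    while i + 5 <= len(data):
        ctype, version = data[i], (data[i + 1], data[i + 2])
        length = int.from_bytes(data[i + 3:i + 5], "big")
        body = data[i + 5:i + 5 + length]
        if ctype == 21 and length == 2 and len(body) == 2:
            found.append({"version": version,
                          "level": LEVELS.get(body[0], body[0]),
                          "description": ALERTS.get(body[1], body[1])})
        i += 5 + length
    return found

if __name__ == "__main__":
    for alert in plaintext_alerts(read_bytes(SAMPLE_LOG)):
        print(alert)
```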
