On Wed, Nov 24, 2004, Florin Angelescu wrote: > On Tuesday 23 November 2004 16:57, Dr. Stephen Henson wrote: > > On Tue, Nov 23, 2004, Florin Angelescu wrote: > > > Hello > > > I am trying to set up an ssl acces to ldap > > > following http://www.openldap.org/faq/data/cache/185.html > > > > > > i created my ca > > > and signed the certificates for the server and client > > > but i still get a 'self signed error' > > > i checked and i saw that it was because of cacert.pem which is selfsigned > > > > > > question : how to solve this ??? > > > (do i have to sign the CA certificate by another CA ? and how ? ) > > > thank you very much > > > > Firstly I'd suggest you use CA.pl instead of CA.sh which is older. > > > > What is giving you the error? If its a client then you'd need to include a > > command line switch or configuration option telling it to include > > 'cacert.pem' in its trusted list of CAs. > > > > Steve. > > -- > Thank you for answering. > The error is given by ldapsearch ( and ldap.conf & sldap.conf are well > configured). > The error is also reported by openssl. > "self signed certificate in certification chain" > (the CA certificate) >
The problem is not that you have a self signed CA it is that the software doesn't trust it. The configuration or command line options should provide a means of specifying a file or directory containing trusted CAs. You should change them to include 'cacert.pem'. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]