Try adding a corresponding TLSCipherSuite entry to ldap.conf.
\Greg
JOYDEEP wrote:
Dear list,
Now *ldapsearch -x -ZZ* is working, but again I have a problem when demanding a certificate from the host. The error is:
========================
ldap_perror
ldap_start_tls: Connect error (-11)
	additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
======================================================================
Here is my slapd.conf section of TLS
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient demand
Here is my ldap.conf
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT /etc/openldap/myca/servercert.pem
TLS_KEY /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
Please note I have a self-signed certificate.
Thanks
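
A configuration check for the setup described in this thread, added here as an example and not written by either poster. It assumes, per ldap.conf(5), that TLS_CERT and TLS_KEY are user-only options (read from the user's ldaprc/.ldaprc or LDAPTLS_* environment variables, not from the system-wide ldap.conf); the function names and the sample ldaprc paths are hypothetical.

```python
# Added example (not from the thread): lint OpenLDAP TLS client-cert settings.
USER_ONLY = ("TLS_CERT", "TLS_KEY")  # per ldap.conf(5): user-only options

# Configuration as posted in the thread.
SLAPD_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient demand
"""
LDAP_CONF = """\
TLS_CACERT /etc/openldap/myca/cacert.pem
TLS_CERT /etc/openldap/myca/servercert.pem
TLS_KEY /etc/openldap/myca/serverkey.pem
TLS_REQCERT allow
"""
# Constructed sample of a per-user file; these paths are hypothetical.
USER_LDAPRC = "TLS_CERT /home/user/client.pem\nTLS_KEY /home/user/client.key\n"

def parse_conf(text):
    """Map upper-cased option name -> value, skipping blanks and comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def lint_client_tls(slapd_text, system_text, ldaprc_text="", env=None):
    """Return findings about client-certificate settings libldap will not use."""
    server, system = parse_conf(slapd_text), parse_conf(system_text)
    user = parse_conf(ldaprc_text)
    # Environment form is the option name prefixed with LDAP, e.g. LDAPTLS_CERT.
    user.update({k[4:]: v for k, v in (env or {}).items() if k.startswith("LDAP")})
    findings = [f"{o} in system-wide ldap.conf is ignored (user-only option)"
                for o in USER_ONLY if o in system]
    if server.get("TLSVERIFYCLIENT", "never").lower() in ("demand", "hard", "true"):
        missing = [o for o in USER_ONLY if o not in user]
        if missing:
            findings.append("server demands a client certificate but no user-level "
                            + "/".join(missing) + " is set")
    return findings

if __name__ == "__main__":
    for finding in lint_client_tls(SLAPD_CONF, LDAP_CONF):
        print("WARN:", finding)
```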