Hello,
I currently have OpenLDAP installed on a Debian etch box. I have set up a CA on the box and created the certificates and have SSL/TLS working. I have tested that SSL/TLS is working by performing a search:
# ldapsearch -x -W -D 'cn=admin,dc=test,dc=com' -H ldap://test.com -ZZ '(uid=users.1)'
This search operation returns the correct user.
When I try to perform a "startTLS" from another PC I receive the following error:
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Can anyone help me solve this problem?
--On December 14, 2007 12:16:04 PM +1100 Andy theands@gmail.com wrote:
> Hello,
> I currently have OpenLDAP installed on a Debian etch box. I have set up a CA on the box and created the certificates and have SSL/TLS working. I have tested that SSL/TLS is working by performing a search:
> # ldapsearch -x -W -D 'cn=admin,dc=test,dc=com' -H ldap://test.com -ZZ '(uid=users.1)'
> This search operation returns the correct user.
> When I try to perform a "startTLS" from another PC I receive the following error:
> ldap_start_tls: Connect error (-11)
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Can anyone help me solve this problem?

Make sure the client on the other PC has access to the CA cert. Otherwise, as it says, it can't verify the certificate being presented.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
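
The failure and fix discussed in this thread, as an added example that is not part of the original messages: a server certificate is checked against a CA file the client does not trust it under (verify fails) and against the CA that signed it (verify succeeds). The certificates are constructed throwaway material, and the names site-ca, other-ca and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example. All certificates are constructed test material; the CA
# names and the test.com subject are placeholders, not real deployments.

# make_ca DIR NAME: self-signed CA cert DIR/NAME.pem with key DIR/NAME.key
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_server_cert DIR CA HOST: DIR/server.pem for HOST, signed by DIR/CA.pem
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# check_chain CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
# A client that lacks the signing CA fails this chain check during StartTLS.
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: prints the result for a client holding an unrelated CA and for a
# client holding the CA that actually signed the server certificate.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" site-ca && make_ca "$d" other-ca &&
        make_server_cert "$d" site-ca test.com || { rm -rf "$d"; return 1; }
    if check_chain "$d/other-ca.pem" "$d/server.pem"; then r1=OK; else r1=FAIL; fi
    if check_chain "$d/site-ca.pem" "$d/server.pem"; then r2=OK; else r2=FAIL; fi
    rm -rf "$d"
    echo "other-ca=$r1 site-ca=$r2"
}

demo
```

On a real client, copy the CA certificate over, point the TLS_CACERT option in the client's ldap.conf at it, and run the same openssl verify -CAfile check against the server's certificate before retrying ldapsearch -ZZ.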