Hi, please stay on the mailing list.
Rick Stevens rps2@socal.rr.com writes:
Dieter Kluenter wrote:
Rick Stevens rps2@socal.rr.com writes:
I know this has been hashed over before, but I simply cannot get my LDAP clients to talk TLS/SSL to my LDAP server. I keep getting
TLS certificate verification: Error, self signed certificate in certificate chain
This error may not be the culprit, if the error (or warning) is referring to the CA. What is the CN of the server certificate and what is the host part of your search string?
The CN of the server certificate is:
CN=bigdog.hci.com/emailAddress=ricks@nerd.com
The host part of the search is "-h bigdog.hci.com"
In order to debug the TLS session, run ldapsearch with the -d3 option.
I never see it try to pick up the server's certificate, just the CA's, and I see a "TLS trace: SSL3 alert write:fatal:unknown CA" error before it dies.
OK, could you please provide the TLS-related entries of slapd.conf and ldap.conf? It seems that the server is not providing a server certificate but a CA.
-Dieter
openldap-software@openldap.org
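For reference, a sketch of the TLS entries requested above, with the suspected server-side mistake shown next to the expected setting. This is an added example, not part of the original thread and not Rick's configuration: every file path is a constructed placeholder, and only the host name bigdog.hci.com comes from the thread.

```conf
# --- slapd.conf (server), TLS entries; all paths are constructed placeholders ---

# CA certificate(s) that issued the server certificate.
TLSCACertificateFile   /etc/openldap/certs/ca.pem

# Misconfiguration matching the suspicion in the thread: the CA's own
# certificate is configured as the server certificate, so a client only
# ever receives a self-signed certificate and never one for the host.
#TLSCertificateFile    /etc/openldap/certs/ca.pem

# Expected: the certificate issued to the host, with CN=bigdog.hci.com
# so that it matches the host part given to ldapsearch (-h bigdog.hci.com).
TLSCertificateFile     /etc/openldap/certs/bigdog.pem

# Private key that belongs to TLSCertificateFile (not the CA's key).
TLSCertificateKeyFile  /etc/openldap/private/bigdog.key

# --- ldap.conf (client), TLS entries ---

# The CA certificate the client trusts. Without it, a chain that ends in a
# private CA cannot be verified by the client.
TLS_CACERT   /etc/openldap/certs/ca.pem

# demand: abort the session when the server certificate cannot be verified.
TLS_REQCERT  demand
```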
