On 11/09/2012 08:09 AM, Luc MAIGNAN wrote:
Le 09/11/2012 15:51, Rich Megginson a écrit :
On 11/09/2012 07:37 AM, Luc MAIGNAN wrote:
Le 09/11/2012 15:29, Rich Megginson a écrit :
On 11/09/2012 06:08 AM, Luc MAIGNAN wrote:
Hi,

I want to setup a LDAPS connection with a self signed certificate.

Unfortunaly, I have the following error :

Peer's certificate issuer has been marked as not trusted by the user

I tried to trust is by a : certutil -d ... -A -n 'CA' -t CT,,, -a -i ca.crt

But it doen't change anything.

Has someone an idea for me ?

What is your platform?  What is your openldap version?  Are you using openldap for client, server, or both?


Best regards


I use openLDAP for both client and server.
My system is a Fedora 17, openldap 2.4.33

I think that the top propblem is this one : TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error
Idea ?

Is that error from the client or server?
check for permissions - ls -al /etc/openldap/cacerts
certutil -d /etc/openldap/cacerts -L


BR

all in /etc/openldap is owned by ldap

 certutil -d /etc/openldap/cacerts -L gives

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CA                                                           CT,,

Can you provide the output of
LDAPTLS_CACERTDIR=/etc/openldap/cacerts ldapsearch -d 1 -xLLL -s base -b ""
showing the attempt to open the key/cert db in /etc/openldap/cacerts?