Jon C Kidder wrote:
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: […]
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
I think these messages are pretty clear. Something's wrong on your back-ldap proxy with validating the target server's certificate.
It's a pretty good idea to verify first on the command-line:
openssl s_client -connect ldap.example.com:636 -CAfile /path/to/rootca.crt
LDAPTLS_CACERT=/path/to/rootca.crt ldapwhoami -H ldaps://ldap.example.com
Ciao, Michael.
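
What "depth: 1, err: 19" in the quoted trace means, and why supplying the root CA file resolves it, as an added example that is not part of the original message. It builds a throwaway root CA and server certificate (the names, the temporary directory and the helper functions are constructed for illustration) and verifies the same chain with and without the root as trust anchor.

```shell
#!/bin/sh
# Added example with a constructed throwaway PKI; nothing here comes from the thread.

# Create a self-signed root CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -config "$d/demo.cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" -keyout "$d/rootca.key" \
        -out "$d/rootca.crt" 2>/dev/null || return 1
    openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.com" -keyout "$d/server.key" \
        -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/rootca.crt" \
        -CAkey "$d/rootca.key" -CAcreateserial -days 1 \
        -out "$d/server.crt" 2>/dev/null
}

# The peer presents leaf + root, but the verifier has no trust anchor for
# that root: the chain ends in a self-signed certificate it does not trust.
verify_without_ca() {
    openssl verify -untrusted "$1/rootca.crt" "$1/server.crt" 2>&1
}

# Same chain, with the root supplied as trust anchor (the role of -CAfile
# and LDAPTLS_CACERT in the commands above).
verify_with_ca() {
    openssl verify -CAfile "$1/rootca.crt" "$1/server.crt" 2>&1
}

# Stand-alone run: the first check reports error 19 at depth 1, the second OK.
d=$(mktemp -d) && make_demo_pki "$d" && {
    verify_without_ca "$d"
    verify_with_ca "$d"
}
rm -rf "$d"
```

Error 19 is reported at depth 1 because depth 0 is the server certificate and depth 1 is the self-signed root that the verifier was handed but does not trust.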