You have a self-signed certificate, so you don't need to verify your certificate. When you activate TLS on LDAP, you only need these two lines, and you don't need the line with certificate verification (olcTLSCACertificateFile):

dn: cn=config
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/myKey/{name_of_your_server}_slapd_cert.pem

dn: cn=config
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/myKey/{name_of_your_server}_slapd_key.pem

On Mon, Dec 12, 2011 at 12:31 PM, Jayavant Patil <jayavant.patil82@gmail.com> wrote:
Hi,
On Mon, Dec 12, 2011 at 4:19 PM, reyman reyman64@gmail.com wrote:
With the option -ZZ I think, try this:
ldapsearch -x -LLL -ZZ -d 150
Yeah, it shows output containing ber_dump, ldap_write, ldap_read, tls_write, tls_read etc. But at the end it shows the following:

TLS certificate verification: Error, self signed certificate
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate).
ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate)

Why does it show an error, and how do I resolve this?

And when I do ldapsearch with the -ZZ option it gives an error:

$ ldapsearch -x -v -D "cn=root,dc=abc,dc=com" -w cluster -b "ou=People,dc=abc,dc=com" "uid=ldap_6" -h n0 -ZZ
ldap_initialize( ldap://n0 )
ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

On Mon, Dec 12, 2011 at 11:21 AM, Jayavant Patil <jayavant.patil82@gmail.com> wrote:
Hi,
I am using openldap-2.4.19-4.x86_64 on a Fedora 12 machine. I have enabled openldap SSL/TLS. How do I know (test) that I am using SSL/TLS connections instead of normal ldap:///?
--
Thanks & Regards, Jayavant Ningoji Patil Engineer: System Software Computational Research Laboratories Ltd. Pune-411 004. Maharashtra, India. +91 9923536030.
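
Added example, not part of the original thread: one way to test from a client whether a connection to the plain LDAP port really ends up encrypted. The script sends the StartTLS extended request that -ZZ asks for, then completes a TLS handshake that trusts only the certificate file given as `cafile`. The function names and the two sample replies are constructed for this illustration.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAP StartTLS extended operation (RFC 4511)
# Constructed sample replies (not captured traffic): resultCode 0 and 2.
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")

def starttls_request(msgid=1):
    """BER-encode the StartTLS ExtendedRequest (the operation -ZZ requires)."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID   # [0] requestName
    op = bytes([0x77, len(name)]) + name                     # [APPLICATION 23]
    body = bytes([0x02, 0x01, msgid]) + op                   # messageID, then op
    return bytes([0x30, len(body)]) + body                   # LDAPMessage SEQUENCE

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def starttls_result(reply):
    """Extract resultCode from an ExtendedResponse; 0 means TLS may start."""
    tag, msg, _ = read_tlv(reply)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg)                                # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x78:                                          # [APPLICATION 24]
        raise ValueError("not an ExtendedResponse")
    return int.from_bytes(read_tlv(op)[1], "big")            # ENUMERATED resultCode

def probe(host, cafile, port=389):
    """StartTLS on the plain LDAP port, then a handshake verified against cafile."""
    ctx = ssl.create_default_context(cafile=cafile)          # trust only this file
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(starttls_request())
        code = starttls_result(sock.recv(4096))
        if code != 0:
            return f"server refused StartTLS (resultCode {code})"
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"TLS active: {tls.version()}, {tls.cipher()[0]}"
        except ssl.SSLCertVerificationError as err:
            return f"certificate not trusted: {err.verify_message}"
```

For a self-signed server certificate, pass a copy of that certificate as `cafile`; the handshake also checks that `host` matches the name in the certificate.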