- When you created the certificate, did you use the FQDN of your server?
- Did you compile OpenLDAP with TLS support?

On 10/15/2012 10:36 AM, Darouichi, Aziz wrote:
Hi,

I am running Openldap-2.4.32, BD-5.3.21 and openssl-1.0.1c on RHEL 5.5. I created a CA cert and signed it, but when I run ldapsearch with --ZZ I get the following error:

TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: /C=US/ST=Mass/O=Curry College/OU=Technology Center/CN=LDAP-SSL.curry.edu/emailAddress=adarouic@curry.edu, issuer: /C=US/ST=Mass/O=Curry College/OU=Technology Center/CN=LDAP-SSL.curry.edu/emailAddress=adarouic@curry.edu
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Please let me know if I missed something in my configuration.

Thanks,
Aziz
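
An added example, not part of either message in this thread: a small Python parser that reads "TLS certificate verification" lines like the one in the trace above and reports which certificate in the chain failed and why. The function names, the sample DNs and the trace text are constructed for illustration; the numeric codes are OpenSSL's X509_V_ERR_* values.

```python
import re

# Subset of OpenSSL verify error codes (X509_V_ERR_*) seen on failed handshakes.
VERIFY_ERRORS = {
    10: "certificate has expired",
    18: "self signed certificate (the server certificate itself)",
    19: "self signed certificate in certificate chain (root CA not trusted locally)",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}

VERIFY_LINE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>.*?), issuer: (?P<issuer>.*)$"
)

def common_name(dn):
    """Return the CN component of a slash-separated DN, or None."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None

def diagnose(trace):
    """Return one finding per failed verification line in a libldap TLS trace."""
    findings = []
    for line in trace.splitlines():
        m = VERIFY_LINE.search(line.strip())
        if not m or int(m["err"]) == 0:
            continue  # not a verification line, or verification succeeded
        err, depth = int(m["err"]), int(m["depth"])
        self_signed = m["subject"] == m["issuer"]
        findings.append({
            "depth": depth, "err": err, "cn": common_name(m["subject"]),
            "self_signed": self_signed,
            "meaning": VERIFY_ERRORS.get(err, "unknown verify error"),
            # depth >= 1 with subject == issuer: the failing certificate is the
            # CA, not the server certificate, so the client lacks the trust anchor.
            "untrusted_root": self_signed and depth >= 1 and err == 19,
        })
    return findings

# Constructed sample trace (hypothetical DNs), shaped like the output in the thread.
SAMPLE_TRACE = """\
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: /C=US/O=Example Org/CN=Example Test CA, issuer: /C=US/O=Example Org/CN=Example Test CA
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
"""

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_TRACE):
        print(finding)
```

When `untrusted_root` is true, the client needs the CA certificate configured as a trust anchor, for example through the `TLS_CACERT` option in ldap.conf.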