Never mind, got it to work

By setting TLS_REQCERT to allow

 

allow  The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the ses

                     sion proceeds normally.

 

Although I am not sure what happens if an untrusted certificate is provided, would the client server communication not be encrypted?

 

Thank you,

Amit

 

 

 

From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Kumar, Amit
Sent: Wednesday, December 18, 2013 2:32 PM
To: openldap-technical@openldap.org
Subject: TLS: peer cert untrusted or revoked (0x42)

 

Dear All,

 

We have installed a newer version of Ubuntu 13.10 and trying to setup LDAP client.

 

Context: Self signed server CA certificate in pem format installed on the client with a hashed symbolic link pointing to it. We have other clients that are able to validate and are working great, hence I do not think this is a certificate issue, and also it is not expired.

 

And I get this legendary error “TLS: peer cert untrusted or revoked (0x42)” for which number of recommendation have been made online, to set TLS_REQCERT & TLS_CACERT in the /etc/ldap.conf

Although this did not work for me.

 

While openssl and gnutls command can successfully connect and validate the certificate, ldapsearch and getent miserably fails.

 

Any insight into this error and an approach to fix this will be greatly appreciated.

 

Best Regards,

Amit