I am failing to authenticate through the LDAP proxy, and I am seeing this error continuously:
*TLS certificate verification: Error, self signed certificate in certificate chain*
*TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain).*
Any suggestions how to resolve this?
Here is my slapd.conf.
```
### Schema includes
##########################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema

## Module paths
##############################################################
modulepath /usr/lib64/openldap/
moduleload back_ldap

# Main settings
###############################################################
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sizelimit unlimited

TLSCACertificateFile /root/data/certs/ldap.crt
TLSCertificateFile /root/data/certs/ldap.crt
TLSCertificateKeyFile /root/data/certs/ldap.key

### Database definition (Proxy to Corp LDAP)
#########################################
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://192.168.1.100:636"
suffix "ou=People,dc=example,dc=net"

### Logging
###################################################################
loglevel 0
```

It had been working until last week, when IT changed their LDAP certificate.
I generate the certificate using this command:

```
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /root/data/certs/ldap.key -out /root/data/certs/ldap.crt -subj "/CN=host.example.net/OU=Example/O=Example/L=City/ST=ST/C=US"
```
So I recreated them against the same IT LDAP server, so I do have the new cert and key, produced the same way as before.
All new authentications are failing now.
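An added example, not code from the question or from OpenLDAP: the error in the question means the upstream LDAPS server presented a chain whose self-signed root is not in the file named by `TLSCACertificateFile`, and that directive in the posted config points at the proxy's own self-signed cert. The script below reproduces that verdict with throwaway certificates and shows the same check passing when the trust file holds the upstream issuer. It assumes only the `openssl` CLI; every name, path and subject in it is constructed for the demo.

```shell
#!/bin/sh
# Added example: reproduce the "self signed certificate in certificate chain"
# verdict with throwaway certs, then show the check passing against the right CA.
# Assumes only the openssl CLI. All names and paths below are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the IT side: a private root CA and a server cert it issued.
make_upstream_chain() {
  openssl req -x509 -nodes -newkey rsa:2048 -days 2 -subj "/CN=IT Root CA" \
    -keyout "$WORK/it-ca.key" -out "$WORK/it-ca.crt" 2>/dev/null
  openssl req -nodes -newkey rsa:2048 -subj "/CN=ldap.corp.example.net" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 2 -in "$WORK/server.csr" -CA "$WORK/it-ca.crt" \
    -CAkey "$WORK/it-ca.key" -CAcreateserial -out "$WORK/server.crt" 2>/dev/null
}

# The proxy's own self-signed cert, made the way the question's command makes it.
make_proxy_cert() {
  openssl req -x509 -nodes -newkey rsa:2048 -days 2 -subj "/CN=host.example.net" \
    -keyout "$WORK/ldap.key" -out "$WORK/ldap.crt" 2>/dev/null
}

# Verify the upstream server's chain (leaf plus the CA it sends) against a trust
# file, which is what slapd does with TLSCACertificateFile. Returns openssl's status.
verify_against() {
  openssl verify -CAfile "$1" -untrusted "$WORK/it-ca.crt" "$WORK/server.crt"
}

make_upstream_chain
make_proxy_cert

echo "== TLSCACertificateFile = proxy's own self-signed cert (as in the question) =="
if verify_against "$WORK/ldap.crt"; then
  echo "unexpected: verification passed"
else
  echo "verification failed, which is what slapd reports"
fi

echo "== TLSCACertificateFile = the CA that issued the upstream server's cert =="
verify_against "$WORK/it-ca.crt"
```

Running `openssl s_client -connect 192.168.1.100:636 -showcerts` against the real server shows which CA the new upstream chain ends in; that CA's certificate, not the proxy's own, is what belongs in the trust file.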