Hi,
You need to find out where your ldap.conf file is and add an entry to it:
TLS_REQCERT allow
This directive makes the client allow and complete the SSL handshake even if the server cert does not match.
The error that you get is because either the CN of the server and the issuer are the same or something like that. That is probably error code 18 or 19 (SSL error codes).
Just try this out to be more clear:
$ openssl s_client -connect x.x.x.x:636 -showcerts
Which will barf out the error codes.
Thanks,
Shawn
Quoting Quanah Gibson-Mount quanah@zimbra.com:
> --On Thursday, January 22, 2009 2:20 PM -0500 Jeff Blaine jblaine@kickflop.net wrote:
> > OpenLDAP 2.4.11 client
> > How do I subvert this bogusness? The cert is legit.
>
> Provide the CA.
>
> --Quanah
> --
> Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
> Zimbra :: the leader in open source messaging and collaboration
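
Added example, not part of the original thread: a small shell check that reads an ldap.conf and reports whether it relaxes server-certificate verification (the TLS_REQCERT workaround above) and whether a CA is configured (the "Provide the CA" fix). The function name, the sample input and the assumption that the last TLS_REQCERT entry wins are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag ldap.conf settings that relax
# server-certificate verification. Reads the named file(s), or stdin if none.
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            key = toupper($1)              # ldap.conf keywords are case-insensitive
            if (key == "TLS_REQCERT") reqcert = tolower($2)   # last entry wins (assumed)
            if (key == "TLS_CACERT" || key == "TLS_CACERTDIR") have_ca = 1
        }
        END {
            # never/allow/try all let a session proceed without a verified
            # server certificate; demand (alias hard) is the default when unset.
            if (reqcert == "never" || reqcert == "allow" || reqcert == "try") {
                print "WEAK: TLS_REQCERT " reqcert " does not require a verified server certificate"
                bad = 1
            }
            if (!have_ca)
                print "NOTE: no TLS_CACERT or TLS_CACERTDIR in this input"
            exit bad + 0                   # non-zero status when verification is relaxed
        }
    ' "$@"
}

# Constructed sample: the workaround setting with no CA configured.
printf '%s\n' '# constructed sample ldap.conf' \
    'URI ldaps://ldap.example.com' \
    'TLS_REQCERT allow' | audit_ldap_conf || true
```

Run it against the system file and any per-user ~/.ldaprc, since either can carry these settings.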