Radomir Klacza rklacza@melog.com writes:
Hi all, I'm trying to establish a TLS connection with my newly configured OpenLDAP server, but all the time I get the TLS Connection Failure error.
I have the following configuration in slapd.conf:

TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
TLSVerifyClient never

The CA and certs were created in accordance with this tutorial: http://www.openldap.org/faq/data/cache/185.html
[...]
TLS: can't connect. ldap_perror ldap_start_tls: Connect error (-11)
The client is configured with: TLS_CACERT /etc/openldap/cacert.pem
Does the client have read access to /etc/openldap/ldap.conf and to /etc/openldap/cacert.pem?
and cacert is the same as on the server. I'm using Gentoo with openldap 2.4.19-r1 and openssl 0.9.8n.
I've been working on this for a long time and currently I have no idea why it isn't working...
Could you start slapd with -h ldaps:/// and try openssl s_client -connect <server>:636 -CAfile /path/to/CA -showcerts, and check the CN value of the certificate returned?
-Dieter
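The three things Dieter's reply probes (can the client read the CA file, does the server certificate chain to that CA, and does the CN match the name the client connects with) can be rehearsed offline before touching a live slapd. The script below is an added example, not part of the thread or of OpenLDAP: it builds a throwaway CA and server certificate with the openssl CLI (assumed installed; the hostname ldap.example.com and all file names are constructed) and then runs the same checks a practitioner would run against the real /etc/openldap/cacert.pem and servercrt.pem. Against a running server, replace the local certificate file with the chain printed by openssl s_client -connect <server>:636 -showcerts.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the openssl CLI is on PATH;
# the CA, hostname and file names below are constructed test material.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a self-signed test CA and a server certificate it signs, with the
# server hostname in the CN as the OpenLDAP FAQ recipe produces.
make_test_pki() {
    cn="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Test LDAP CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$cn" \
        -keyout "$WORK/serverkey.pem" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -days 1 -set_serial 1 -in "$WORK/server.csr" \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" \
        -out "$WORK/servercrt.pem" 2>/dev/null
}

# Print the CN of a PEM certificate: the name the client has to connect with.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/^subject=.*CN=\([^,]*\).*$/\1/p'
}

# Run the three checks from the thread against a CA file, a server
# certificate and the hostname the LDAP client will use.
# Returns 0 when all pass, 1 (with a reason) on the first failure.
check_ldap_tls() {
    cafile="$1"; servercrt="$2"; hostname="$3"
    # 1. The client process must be able to read TLS_CACERT.
    if [ ! -r "$cafile" ]; then
        echo "FAIL: cannot read CA file $cafile"; return 1
    fi
    # 2. The server certificate must chain to that CA, as in
    #    openssl s_client -CAfile ... (verify return code 0).
    if ! openssl verify -CAfile "$cafile" "$servercrt" >/dev/null 2>&1; then
        echo "FAIL: $servercrt does not verify against $cafile"; return 1
    fi
    # 3. The CN must equal the hostname the client connects to.
    cn=$(cert_cn "$servercrt")
    if [ "$cn" != "$hostname" ]; then
        echo "FAIL: certificate CN '$cn' does not match hostname '$hostname'"
        return 1
    fi
    echo "OK: $servercrt chains to $cafile and CN matches $hostname"
}

# Demonstration: the cert is issued for ldap.example.com, so connecting by
# that name passes, while connecting as "localhost" fails the CN check.
make_test_pki ldap.example.com
check_ldap_tls "$WORK/cacert.pem" "$WORK/servercrt.pem" ldap.example.com
check_ldap_tls "$WORK/cacert.pem" "$WORK/servercrt.pem" localhost || true
```

The CN mismatch case is the one that most often hides behind a bare "Connect error": the chain is fine, but the client resolved the server by an IP address or short name that is not the CN, so verification fails before any LDAP operation. Newer TLS stacks also expect the name in a subjectAltName extension, which the FAQ recipe does not add, so a real deployment should put the hostname there as well as in the CN.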