On Thu, Sep 26, 2013 at 08:33:56AM -0700, Quanah Gibson-Mount wrote:
--On Thursday, September 26, 2013 4:35 PM +0800 Tian Zhiying tianzy1225@thundersoft.com wrote:
# ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
LDAP Server is CentOS 5.8 64 OS, iptables service is in closed state. What is the cause?
The problem is a lack of understanding of how SSL/TLS works. You requested a secure connection; you must use the hostname, not the IP address.
You can use an IP address if that IP address is in the SAN (Subject Alternative Name) list of the certificate.
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name...
'Verify' usually refers to the signer of the certificate not being trusted. 'Validation' usually refers to the date range of the certificate being correct.
http://www.openssl.org/docs/apps/verify.html
Mind you, this is me leveraging OpenSSL's vocabulary. There are other SSL providers that may be in play.
--Quanah
--
Quanah Gibson-Mount Lead Engineer Zimbra Software, LLC
Zimbra :: the leader in open source messaging and collaboration
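
The name check discussed in this thread (hostname versus an IP address listed in the certificate's SAN), as an added example that is not part of the original messages and not OpenLDAP's or OpenSSL's own code. It assumes the certificate is given in the dict shape returned by Python's ssl.SSLSocket.getpeercert(); the host name ldap.mydomain.com and both sample certificates are constructed, and the function name peer_matches is hypothetical.

```python
import ipaddress

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); names and addresses are illustrative.
CERT_DNS_ONLY = {
    "subject": ((("commonName", "ldap.mydomain.com"),),),
    "subjectAltName": (("DNS", "ldap.mydomain.com"),),
}
CERT_WITH_IP = {
    "subject": ((("commonName", "ldap.mydomain.com"),),),
    "subjectAltName": (("DNS", "ldap.mydomain.com"),
                       ("IP Address", "192.168.1.10")),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:   # refuse overly broad patterns like *.com
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def peer_matches(cert, target):
    """Return True if `target` (the host part of the ldaps:// URI) is
    covered by the certificate's subjectAltName entries."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # In this sketch an IP target is compared only against
        # iPAddress SAN entries, not against DNS names or the CN.
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in san)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in san)


if __name__ == "__main__":
    for label, cert in (("DNS only", CERT_DNS_ONLY), ("DNS + IP", CERT_WITH_IP)):
        for target in ("ldap.mydomain.com", "192.168.1.10"):
            print(f"{label:9} {target:18} match={peer_matches(cert, target)}")
```

This covers only the name-matching step; whether the certificate's signer is trusted is a separate check that happens regardless of the name used.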