Re: Solaris 10 native Client with TLS to OpenLDAP

Tuesday, 7 October 2008

John Gee <john(a)kleinfeld.ch&gt; writes:

...
 Hello,

 i have a problem with connecting Solaris10 native LDAP Client to a
 openLDAP Server (slapd 2.4.11) with TLS. [...]
...
 TLS trace: SSL3 alert read:fatal:bad certificate
 TLS trace: SSL_accept:failed in SSLv3 read client certificate A
 TLS: can't accept.
 TLS: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
s3_pkt.c:1053
 connection_read(11): TLS accept failure error=-1 id=207, closing
 connection_closing: readying conn=207 sd=11 for close
 connection_close: conn=207 sd=11 
slapd refuses the client certificate

...
 -( solaris 10 - client )----

 # import the ca-cert
   certutil -N -d /var/ldap
   certutil -A -n "ca-cert" -i /tmp/ldap/ca-cert.pem -a -t CT -d /var/ldap/
 # import ldap-server certs
   certutil -A -d /var/ldap/ -n "ldap01.kleinfeld.ch" -t C,, -i
ldap01.kleinfeld.ch.pem
   certutil -A -d /var/ldap/ -n "ldap02.kleinfeld.ch" -t C,, -i
ldap02.kleinfeld.ch.pem
 # list cert-db
   certutil -L -d /var/ldap
   ca-cert                                                    CT,,
   ldap02.kleinfeld.ch                                        C,,
   ldap01.kleinfeld.ch                                        C,, 
The server presents the server certificate (ldap01.kleinfeld.ch),
the ldap client presents the CA but the server expects a client
certificate. Change slapd.conf not to verfiy a client certificate.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: Solaris 10 native Client with TLS to OpenLDAP