On Monday 01 September 2008 08:08:03 Dat Duong wrote:
Hi,
I can't find anywhere on how to fix my RHEL 5 to use TLS/SSL authentication.
Well, it works for me, without any "fixing", just correct configuration.
It will work when I comment out the ssl startTLS and SSL. On my Solaris 10, I can do ldapsearch with the -ZZ option.
The -Z option in the native Solaris ldap utilities isn't for start_tls as with the OpenLDAP utilities. You need to specify *which* ldapsearch you are using.
I don't think the Solaris 10 ldapclient (the equivalent of nss_ldap) supports start_tls ...
Here is what I did with the debug on for ldapsearch. Please help me solve this problem...THANKS!!
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
But, you didn't provide *any* details on your client configuration. Specifically, tls_cacertfile from /etc/ldap.conf, and TLS_CACERT from /etc/openldap/ldap.conf.
Regards, Buchan
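A small triage helper for the kind of debug trace quoted above, added here as an example and not part of the thread: it extracts the last handshake state reached, whether the fatal alert was read (sent by the server) or written (sent by the client), and the OpenSSL error code, so the failure can be placed before asking about configuration. The sample trace is the one from the thread, re-split one entry per line.

```python
import re

# Sample trace, taken from the thread above (ldapsearch debug output);
# the original line breaks were lost in the archive and are restored here.
SAMPLE_TRACE = """TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (-11)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
"""

STATE_RE = re.compile(r"TLS trace: SSL_connect:(?P<state>.+)$")
# "alert read" = the peer (server) sent the alert; "alert write" = we (client) sent it
ALERT_RE = re.compile(r"TLS trace: SSL3 alert (?P<dir>read|write):(?P<level>\w+):(?P<desc>.+)$")
# OpenSSL error strings have the shape error:<8 hex digits>:<library>:<function>:<reason>
OSSL_ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+)$")

def parse_tls_trace(text):
    """Summarise a client-side OpenLDAP/OpenSSL TLS trace into a dict."""
    states, alert, ossl_error = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = STATE_RE.match(line)
        if m:
            states.append(m.group("state"))
            continue
        m = ALERT_RE.match(line)
        if m:
            alert = {"sent_by": "server" if m.group("dir") == "read" else "client",
                     "level": m.group("level"), "description": m.group("desc")}
            continue
        m = OSSL_ERR_RE.search(line)
        if m:
            ossl_error = m.groupdict()
    completed = [s for s in states if not s.startswith("failed")]
    failed = [s for s in states if s.startswith("failed")]
    return {
        "last_completed_step": completed[-1] if completed else None,
        "failed_step": failed[-1] if failed else None,
        "alert": alert,
        "openssl_error": ossl_error,
        # The server asked for a client certificate; the client still reaches the
        # "write client certificate" state even when it has none configured.
        "server_requested_client_cert": "SSLv3 read server certificate request A" in states,
    }
```

For the thread's trace this reports that the client finished its side of the handshake and the *server* answered with a fatal handshake_failure alert, which is why Buchan's question about the CA certificate settings on both sides of the configuration is the right next step.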