Hi,

We have to implement a 2-way SSL mechanism on an LDAP connector in our product. In order to test the implementation, we have chosen OpenLDAP 2.4 as the data source. Currently we have done the following steps:

On the OpenLDAP end:

1. Installed OpenLDAP with TLS feature
2. Created a CA using OpenSSL
   /etc/pki/tls/misc/CA -newca
3. Created a certificate using OpenSSL
   openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
4. Signed the certificate using the CA created
   /etc/pki/tls/misc/CA -sign
5. Finally stored the cacert.pem, newreq.pem and newcert.pem under the /opt/openldap/certificate folder
6. Following changes were made in slapd.conf:
   TLSCipherSuite MEDIUM:+SSLv2:+SSLv3:RSA
   TLSCACertificatePath /opt/openldap/certificate/
   TLSCACertificateFile /opt/openldap/certificate/cacert.pem
   TLSCertificateFile /opt/openldap/certificate/servercrt.pem
   TLSCertificateKeyFile /opt/openldap/certificate/serverkey.pem
   # Use the following if client authentication is required
   TLSVerifyClient demand
7. Similarly a new certificate for the client was created using the client's details such as host name etc.
8. Signed by the previously created CA

On the client side:

1. Following changes were made in ldap.conf:
   HOST spsdel192
   PORT 636
   TLS_CACERTDIR /etc/openldap/certs
   TLS_REQCERT demand
   TLS_CACERT /etc/openldap/certs/cacert.pem

Finally, when executing:

[root@spsdel193 ~]# ldapsearch -v -Z -D cn=root,o=ShawEnterprise -w secret -b o=accounts,o=shawEnterprise
ldap_initialize( <DEFAULT> )
ldap_start_tls: Connect error (-11)
        additional info: TLS error -12227:SSL peer was unable to negotiate an acceptable set of security parameters.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root@spsdel193 ~]#

Any solution to resolve this issue would be of great help. Thanks in advance.

Regards,
Vidya
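The certificate material behind a setup like the one above can be sanity-checked offline before slapd is started with TLSVerifyClient demand. The script below is an added example, not code from the original post or from OpenLDAP: it builds a throwaway CA with a server and a client certificate in a temporary directory (all names are constructed) and checks the two things a mutual TLS handshake needs on each side, that every private key actually belongs to its certificate and that the client certificate chains to the CA the server is configured to trust.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenLDAP. Builds a
# throwaway CA plus server and client certificates (all names constructed) and
# runs the offline checks that should pass before "TLSVerifyClient demand".
set -u

# Self-signed CA named NAME in DIR: produces NAME.key and NAME.pem.
make_ca() {           # make_ca DIR NAME CN
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$3" -days 1 \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Key plus certificate for NAME, signed by CA (both live in DIR).
issue_cert() {        # issue_cert DIR CA NAME CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Check 1: the private key belongs to the certificate. A mismatched
# TLSCertificateFile/TLSCertificateKeyFile pair leaves slapd unable to
# complete any handshake, whatever the client presents.
key_matches_cert() {  # key_matches_cert CERT KEY
  a=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
  b=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check 2: CERT chains to the CA in CAFILE, so a peer that trusts CAFILE
# (TLSCACertificateFile on the server, TLS_CACERT on the client) accepts it.
chains_to_ca() {      # chains_to_ca CAFILE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo PKI: one CA signs both server and client certs; a second, unrelated
# CA shows how a certificate from the wrong issuer is rejected.
make_demo_pki() {     # prints the directory it created
  pki=$(mktemp -d) || return 1
  make_ca "$pki" ca "Demo Root CA" && make_ca "$pki" other-ca "Unrelated CA" &&
  issue_cert "$pki" ca server ldap.example.test &&
  issue_cert "$pki" ca client ldap-client.example.test && echo "$pki"
}

d=$(make_demo_pki) || { echo "could not build demo PKI"; exit 1; }
key_matches_cert "$d/server.pem" "$d/server.key" && echo "server key/cert match: OK"
chains_to_ca "$d/ca.pem" "$d/client.pem" && echo "client cert chains to CA: OK"
chains_to_ca "$d/other-ca.pem" "$d/client.pem" || echo "client cert vs wrong CA: rejected"
rm -rf "$d"
```

To check a real deployment, call key_matches_cert and chains_to_ca with the paths from slapd.conf and ldap.conf instead of the generated ones.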