On 11/05/12 08:29 +0100, Admus wrote:
On 11/04/2012 11:59 PM, Dan White wrote:
On 11/04/12 23:13 +0100, admus wrote:
Hello, I'm following https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-tls-... how to: LDAP serwer starts correctly but when I tries to test StartTLS: ldapsearch -x -H ldap:/// -ZZ -d -1 I gets the following error: TLS: peer cert untrusted or revoked (0x42) TLS: can't connect: (unknown error code). ldap_err2string ldap_start_tls: Connect error (-11) additional info: (unknown error code) Any idea?
Your hostname will need to match the certificate you have installed. '-H ldap:///' will, instead, need to include the hostname matching your certificate.
For project documentation, see chapter 16 of the OpenLDAP Administrator's Guide, slapd-config(5), ldap.conf(5), and ldapsearch(1).
ldapsearch -x -H ldap://ldap1.example.com -ZZ -d -1
Does not help, same error. CN in my certificate is ldap1.example.com.
Assuming that your OpenLDAP was compiled against GnuTLS, use the GnuTLS tools to trouble shoot your certificate.
A google search for "peer cert untrusted or revoked (0x42)" finds users who also received that error.