Hi,
this drives my crazy for about two days:
I do have two virtual Red Hat El 5.4 servers in a test environment. One should be an openldap master, the second should be a openldap slave.
openssl-0.9.8e-12.el5_4.1, openldap-2.3.43-3.el5 (RH EL original rpms)
I followed some instructions to set up TLS: Set up a CA, generate/sign certificates and keys, install tham on the servers and configure openldap, restart.
My problem is: tls works on the master (which also is my CA for the test), but not on the slave.
I've "openssl verify"ed and "openssl x509 -text"ed the certs - everything seams o.k.
I've checked ip addresses, name resolving, locations, pathes, permissions, fileversions - anything I can think of.
I've regenerated the key and cert for the slave following an other documentation (at least with the same steps), but alway do get the same error:
from the ldap server debug:
TLS trace: SSL3 alert write:fatal:handshake failure TLS trace: SSL_accept:error in SSLv3 read client hello B TLS trace: SSL_accept:error in SSLv3 read client hello B TLS: can't accept. TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:975 connection_read(13): TLS accept failure error=-1 id=0, closing
from the ldap client debug:
TLS trace: SSL3 alert read:fatal:handshake failure TLS trace: SSL_connect:error in SSLv2/v3 read server hello A TLS: can't connect. ldap_perror ldap_start_tls: Connect error (-11) additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
May be I missed a step or still skiped something ...
A thousand kowtows for any helping hint...!!
Best regards,
Götz
openldap-technical@openldap.org