On Thu, Sep 26, 2013 at 08:33:56AM -0700, Quanah Gibson-Mount wrote:
--On Thursday, September 26, 2013 4:35 PM +0800 Tian Zhiying
># ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W
>ldap_bind: Can't contact LDAP server (-1)
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>LDAP Server is CentOS 5.8 64 OS, iptables service is in closed state. What
>is the cause?
The problem is a lack of understanding of how SSL/TLS works. You requested a
secure connection; you must use the hostname, not the IP address.
You can use an IP address, if that IP address is in the SAN (Subject
Alternate Name) list of the certificate.
'Verify' usually refers to the signer of the certificate not being trusted.
'Validation' usually refers to the date range of the certificate being
Mind you, this is me leveraging OpenSSL's vocabulary. There are
other SSL providers that may be in play.
Zimbra Software, LLC
Zimbra :: the leader in open source messaging and collaboration
Brian Reichert <reichert(a)numachi.com>
BSD admin/developer at large
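
The SAN rule from the replies above, as an added example that is not part of the original thread: a Python check of a connection target against a certificate's subjectAltName list, using the dict layout returned by ssl.SSLSocket.getpeercert(). The two certificates and the hostname ldap.mydomain.com are constructed for illustration; only the IP address 192.168.1.10 comes from the thread.

```python
import ipaddress

# Constructed sample certificates in ssl.getpeercert() dict layout (assumed values).
CERT_HOST_ONLY = {"subjectAltName": (("DNS", "ldap.mydomain.com"),)}
CERT_WITH_IP = {"subjectAltName": (("DNS", "ldap.mydomain.com"),
                                   ("IP Address", "192.168.1.10"))}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.mydomain.com"),)}


def _dns_match(pattern, host):
    """Match a DNS SAN entry; a wildcard may only be the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_matches(target, cert):
    """Return (ok, reason) for a connection target checked against the SAN list."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, treat the target as a hostname
    if ip is not None:
        # An IP target is compared only with 'IP Address' entries, never DNS names.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "IP listed in SAN"
        return False, "IP not in SAN"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, target):
            return True, "hostname matches DNS SAN " + value
    return False, "hostname not in SAN"


if __name__ == "__main__":
    for cert in (CERT_HOST_ONLY, CERT_WITH_IP, CERT_WILDCARD):
        for target in ("192.168.1.10", "ldap.mydomain.com"):
            print(target, cert["subjectAltName"], san_matches(target, cert))
```

This covers name matching only; whether the certificate's signer is trusted is a separate check.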