Hi Espeake Thanks for your quick reply. There is no firewall between the two systems. Telnet 192.168.0.10 is ok, as follows: -------------------------------------------- # telnet 192.168.0.10 636 Trying 192.168.0.10... Connected to localhost (192.168.0.10). Escape character is '^]'. quit Connection closed by foreign host. Actually, LDAP Server is used for other system, include mediawiki/redmine/gerrit... , now these systems are unable to use LDAPS certification. So, I use ldapsearch method to test it. Tian Zhiying From: espeake Date: 2013-09-26 18:42 To: tianzy1225 CC: openldap-technical; openldap-technical-bounces Subject: Re: Other system use port 636 connect LDAP Server Error From: "Tian Zhiying" <tianzy1225(a)thundersoft.com&gt; To: openldap-technical <openldap-technical(a)openldap.org&gt; Cc: tianzy1225 <tianzy1225(a)thundersoft.com&gt; Date: 09/26/2013 03:38 AM Subject: Other system use port 636 connect LDAP Server Error Sent by: openldap-technical-bounces(a)OpenLDAP.org Hi In ldap server(localhost) , I execute the below command , it ok. # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W But in other linux system is not ok, below is the error info: # ldapsearch -x -b 'ou=people,dc=mydomain,dc=com' -D "cn=interface,dc=mydomain,dc=com" -H ldaps://192.168.1.10 -W ldap_bind: Can't contact LDAP server (-1) additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed LDAP Server is Centos 5.8 64 OS, iptables serverice is closed state. What is the cause? You have any Suggestions? Thanks. Tian Zhiying -- This message has been scanned for viruses and dangerous content, and is believed to be clean. Message id: 6C4D96009F0.A06A1 Is there a firewall between the two systems> That port could be blocked. Try doing a telnet to that IP on port 636. telenet 192.168.1.10 636 Eric This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS ?2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.

--On Thursday, September 26, 2013 4:35 PM +0800 Tian Zhiying <tianzy1225(a)thundersoft.com&gt; wrote: The problem is a lack of understanding how SSL/TLS works. You requested a secure connection, you must use the hostname, not the IP address. --Quanah -- Quanah Gibson-Mount Lead Engineer Zimbra Software, LLC -------------------- Zimbra :: the leader in open source messaging and collaboration

--On Thursday, September 26, 2013 1:33 PM -0400 Brian Reichert <reichert(a)numachi.com&gt; wrote: True. I don't think I've actually seen anyone do it though. ;) --Quanah -- Quanah Gibson-Mount Lead Engineer Zimbra Software, LLC -------------------- Zimbra :: the leader in open source messaging and collaboration