Hello,
I'm farely now to OpenLDAP. I have successfully build a connection to an Windows Active Directory with LDAP over Port 389.
But when I switch to LDAPS and Port 636 and try a connection via the Softerra LDAP Browser I get the following error: TLS certificate verification: Error, unable to get local issuer certificate TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate).
I have installed the certificate of the Server I want to connect to on my machine.
But I still get this error. Does anyone have an idea why this error happens?
Here is my slapd.conf-File: # MDB Backend configuration file # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. ucdata-path ./ucdata include ./schema/core.schema include ./schema/cosine.schema include ./schema/nis.schema include ./schema/inetorgperson.schema #include ./schema/openldap.schema #include ./schema/dyngroup.schema
pidfile ./run/slapd.pid argsfile ./run/slapd.args
loglevel 256
sizelimit unlimited timelimit unlimited
####################################################################### # mdb database definitions #######################################################################
database meta suffix "dc=example,dc=com"
uri "ldaps://dc001.example.com:636/DC=example,DC=com"
a.leurs@consense-gmbh.de writes:
Hello,
I'm farely now to OpenLDAP. I have successfully build a connection to an Windows Active Directory with LDAP over Port 389.
But when I switch to LDAPS and Port 636 and try a connection via the Softerra LDAP Browser I get the following error: TLS certificate verification: Error, unable to get local issuer certificate TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (unable to get local issuer certificate).
I have installed the certificate of the Server I want to connect to on my machine.
But I still get this error. Does anyone have an idea why this error happens?
Here is my slapd.conf-File: # MDB Backend configuration file # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. ucdata-path ./ucdata include ./schema/core.schema include ./schema/cosine.schema include ./schema/nis.schema include ./schema/inetorgperson.schema #include ./schema/openldap.schema #include ./schema/dyngroup.schema
pidfile ./run/slapd.pid argsfile ./run/slapd.args
loglevel 256
sizelimit unlimited timelimit unlimited
####################################################################### # mdb database definitions #######################################################################
database meta suffix "dc=example,dc=com"
uri "ldaps://dc001.example.com:636/DC=example,DC=com"
Read the manual pages on slapd.conf(5), slapd-mdb(5), slapd-meta(5), and read on Transport Layer Security (TLS) In order order to verify the host certificate of host dc001.example.com you should provide and configure the certification authority (CA) that signed the host certificate.
The configuration of a ucdata path is obsolete.
-Dieter
openldap-technical@openldap.org