Dear All,
We have installed a newer version of Ubuntu (13.10) and are trying to set up an LDAP client.
Context: the self-signed server CA certificate, in PEM format, is installed on the client with a hashed symbolic link pointing to it. We have other clients that are able to validate and are working great, hence I do not think this is a certificate issue, and it is also not expired.
I get this legendary error "TLS: peer cert untrusted or revoked (0x42)", for which a number of recommendations have been made online, namely to set TLS_REQCERT & TLS_CACERT in /etc/ldap.conf, although this did not work for me.
While the openssl and gnutls commands can successfully connect and validate the certificate, ldapsearch and getent miserably fail.
Any insight into this error and an approach to fix this will be greatly appreciated.
Best Regards, Amit
Never mind, got it to work by setting TLS_REQCERT to allow:
"allow: The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally."
Although I am not sure what happens if an untrusted certificate is provided; would the client-server communication not be encrypted?
Thank you, Amit
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Kumar, Amit
Sent: Wednesday, December 18, 2013 2:32 PM
To: openldap-technical@openldap.org
Subject: TLS: peer cert untrusted or revoked (0x42)
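The two messages above turn on what TLS_REQCERT actually does to peer verification in libldap. The following audit script is an added example, not code from the thread or from the OpenLDAP project; it assumes the ldap.conf semantics documented in ldap.conf(5): the default is "demand", "demand"/"hard" abort the session on a missing or bad server certificate, "try" aborts only on a bad one, and "allow"/"never" ignore a bad certificate (the session is still TLS-encrypted, but the server is no longer authenticated, which is the practical answer to the question in the reply). It also flags the case where only TLS_CACERTDIR (the hashed-symlink directory) is configured, since ldap.conf(5) states that parameter is ignored by GnuTLS builds of libldap, which would explain openssl verifying a certificate that ldapsearch rejects. The sample configurations and the helper names (ldap_conf_value, tls_verify_mode, ca_hash_link_ok) are constructed for this example.

```shell
#!/bin/sh
# Added example: audit an ldap.conf for the TLS_REQCERT / TLS_CACERT settings
# discussed in the thread. Not OpenLDAP project code.

# Constructed sample: the permissive setting that made the 0x42 error go away.
LDAP_CONF_ALLOW='
BASE dc=example,dc=com
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/certs/example-ca.pem
TLS_REQCERT allow
'

# Constructed sample: server identity is still verified against the CA file.
LDAP_CONF_DEMAND='
BASE dc=example,dc=com
URI ldaps://ldap.example.com
TLS_CACERT /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
'

# Constructed sample: only the hashed directory is given, which GnuTLS-linked
# libldap ignores according to ldap.conf(5), so verification has no trust anchor.
LDAP_CONF_DIR_ONLY='
URI ldaps://ldap.example.com
TLS_CACERTDIR /etc/ssl/certs
'

# ldap_conf_value CONF KEY -> prints the value of KEY from the config text.
# Comments are skipped, keys are case-insensitive, the last occurrence wins
# (libldap reads the file top to bottom). Hypothetical helper.
ldap_conf_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $1 !~ /^#/ && toupper($1) == toupper(key) { val = $2 }
        END { print val }'
}

# tls_verify_mode CONF -> one of:
#   verified       demand/hard/try with a TLS_CACERT file: bad certs abort the session
#   cacertdir-only demand/hard/try but only TLS_CACERTDIR: no anchor under GnuTLS
#   unverified     allow/never: encrypted, but a bad or untrusted cert is ignored
#   misconfigured  unknown value, or no trust anchor at all
tls_verify_mode() {
    reqcert=$(ldap_conf_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_value "$1" TLS_CACERT)
    cacertdir=$(ldap_conf_value "$1" TLS_CACERTDIR)
    case "${reqcert:-demand}" in   # libldap default when the key is absent
        demand|hard|try)
            if [ -n "$cacert" ]; then echo verified
            elif [ -n "$cacertdir" ]; then echo cacertdir-only
            else echo misconfigured
            fi ;;
        allow|never)
            echo unverified ;;
        *)
            echo misconfigured ;;
    esac
}

# ca_hash_link_ok CA_FILE -> 0 if the OpenSSL-style hash link (<subject_hash>.0)
# for CA_FILE exists beside it, 1 if not, 2 if openssl is unavailable.
# Only meaningful for OpenSSL-linked libldap; GnuTLS builds want TLS_CACERT.
ca_hash_link_ok() {
    command -v openssl >/dev/null 2>&1 || return 2
    dir=$(dirname "$1")
    hash=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    [ -e "$dir/$hash.0" ]
}

# Usage: report each sample configuration's effective verification mode.
for name in LDAP_CONF_ALLOW LDAP_CONF_DEMAND LDAP_CONF_DIR_ONLY; do
    eval "conf=\$$name"
    printf '%-20s %s\n' "$name" "$(tls_verify_mode "$conf")"
done
```

To audit a real client, replace the constructed strings with `$(cat /etc/ldap/ldap.conf)` (or /etc/ldap.conf for nss-ldap) and run `ca_hash_link_ok` against the TLS_CACERT path; a result of "unverified" means the 0x42 error was silenced rather than resolved, and "cacertdir-only" points at switching to TLS_CACERT with the PEM file.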