Hi,
I want to set up an LDAPS connection with a self-signed certificate.
Unfortunately, I have the following error:
    Peer's certificate issuer has been marked as not trusted by the user
I tried to trust it with:
    certutil -d ... -A -n 'CA' -t CT,,, -a -i ca.crt
But it doesn't change anything.
Does anyone have an idea for me?
Best regards

On 11/09/2012 06:08 AM, Luc MAIGNAN wrote:
> Does anyone have an idea for me?

What is your platform? What is your openldap version? Are you using openldap for client, server, or both?

On 09/11/2012 15:29, Rich Megginson wrote:
> What is your platform? What is your openldap version? Are you using openldap for client, server, or both?

I use OpenLDAP for both client and server. My system is Fedora 17, openldap 2.4.33.
I think that the top problem is this one:
    TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error
Any idea?
BR

On 11/09/2012 07:37 AM, Luc MAIGNAN wrote:
> I think that the top problem is this one:
>     TLS: cannot open certdb '/etc/openldap/cacerts', error -8018:Unknown PKCS #11 error
> Any idea?

Is that error from the client or server? Check for permissions:
    ls -al /etc/openldap/cacerts
    certutil -d /etc/openldap/cacerts -L

On 09/11/2012 15:51, Rich Megginson wrote:
> Is that error from the client or server? Check for permissions:
>     ls -al /etc/openldap/cacerts
>     certutil -d /etc/openldap/cacerts -L

Everything in /etc/openldap is owned by ldap.
certutil -d /etc/openldap/cacerts -L gives:
    Certificate Nickname                Trust Attributes
                                        SSL,S/MIME,JAR/XPI
    CA                                  CT,,

On 11/09/2012 08:09 AM, Luc MAIGNAN wrote:
> Everything in /etc/openldap is owned by ldap.
> certutil -d /etc/openldap/cacerts -L gives:
>     Certificate Nickname                Trust Attributes
>                                         SSL,S/MIME,JAR/XPI
>     CA                                  CT,,

Can you provide the output of
    LDAPTLS_CACERTDIR=/etc/openldap/cacerts ldapsearch -d 1 -xLLL -s base -b ""
showing the attempt to open the key/cert db in /etc/openldap/cacerts?

openldap-technical@openldap.org