I have created a cert. on the server and openldap starts without any issues, however when I attempt to connect via ldaps I keep getting the following error:
ldapsearch -x -H ldaps://localhost:636 -D "cn=Manager,dc=testing,dc=com" -W -b "dc=testing,dc=com" "(objectClass=top)"
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I can’t quite pinpoint what the problem might be.
Lynn York II
MavenWire Hosting Admin
www.mavenwire.com
(866) 343-4870 x717
MavenWire - We DELIVER
This e-mail and any attached files may contain confidential and/or privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive this e-mail for the recipient), you may not review, copy or distribute this message. Please contact the sender by reply e-mail and delete all copies of this message.
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up tunneling via stunnel. Something you might want to consider?
Siddhartha
From: openldap-technical-bounces+sjain=silverspringnet.com@openldap.org [mailto:openldap-technical-bounces+sjain=silverspringnet.com@openldap.org] On Behalf Of Lynn York
Sent: Monday, April 12, 2010 8:14 AM
To: openldap-technical@openldap.org
Subject: Problem with SSL/TLS
I have created a cert. on the server and openldap starts without any issues, however when I attempt to connect via ldaps I keep getting the following error:
ldapsearch -x -H ldaps://localhost:636 -D "cn=Manager,dc=testing,dc=com" -W -b "dc=testing,dc=com" "(objectClass=top)"
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I can't quite pinpoint what the problem might be.
Lynn York II
MavenWire Hosting Admin
www.mavenwire.com
(866) 343-4870 x717
While that might be a viable option, at this point it is not. I have too many servers that will be getting the user information from LDAP; I would much rather just copy a couple certs instead of installing stunnel... unless I am missing something here?
From: Siddhartha Jain [mailto:sjain@silverspringnet.com]
Sent: Monday, April 12, 2010 3:53 PM
To: Lynn York; openldap-technical@openldap.org
Subject: RE: Problem with SSL/TLS
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up tunneling via stunnel. Something you might want to consider?
Siddhartha
openldap-technical@openldap.org
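An offline reproduction of the "certificate verify failed" condition reported in this thread, added here as an example and not written by any of the posters: it checks one server certificate against a trust anchor that did not issue it and against the CA that did. The thread never establishes the cause, so this assumes the common case where the client has no trust anchor for the issuer of the server certificate; all CA names and paths are constructed for the example.

```shell
#!/bin/sh
# Constructed lab: two throwaway CAs and one server certificate for "localhost".
# Every name and path here is made up for the example.
workdir=$(mktemp -d)

new_ca() {  # new_ca NAME -> $workdir/NAME.key and $workdir/NAME.crt (self-signed)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.crt" 2>/dev/null
}

make_lab() {
  new_ca issuing-ca      # the CA that signs the server certificate
  new_ca unrelated-ca    # a CA the server certificate does not chain to
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$workdir/server.key" -out "$workdir/server.csr" 2>/dev/null
  openssl x509 -req -in "$workdir/server.csr" -days 1 \
    -CA "$workdir/issuing-ca.crt" -CAkey "$workdir/issuing-ca.key" \
    -CAcreateserial -out "$workdir/server.crt" 2>/dev/null
}

# check_trust CAFILE CERT -> prints "trusted" if CERT chains to a CA in CAFILE
check_trust() {
  if openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; then
    echo trusted
  else
    echo untrusted   # the condition a TLS client reports as "certificate verify failed"
  fi
}

make_lab
echo "unrelated CA as anchor: $(check_trust "$workdir/unrelated-ca.crt" "$workdir/server.crt")"
echo "issuing CA as anchor:   $(check_trust "$workdir/issuing-ca.crt" "$workdir/server.crt")"

# The same check against a live listener, then the client-side trust setting
# (/path/to/ca.crt is a placeholder):
#   openssl s_client -connect localhost:636 -CAfile /path/to/ca.crt </dev/null
#   LDAPTLS_CACERT=/path/to/ca.crt ldapsearch -x -H ldaps://localhost:636 \
#     (rest of the ldapsearch arguments unchanged)
```

The per-user or system-wide equivalent of the environment variable is the `TLS_CACERT` option in ldap.conf, which is the file that would be copied to each client host alongside the CA certificate.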