[opensuse] 11.3: ldap connects don't accept self signed certificates

Hi. I'm facing a problem with 11.3 which did not occur in 11.2. I'm unable to connect to my ldap server from 11.3 clients using TLS. All ldap clients give the following error:

ldap_start_tls: Connect error (-11)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)

The CA which signed the ldap server's cert is indeed self signed. However this used to be no problem for clients until 11.3

Regards
.......Volker

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

On 09-08-2010 14:52, Volker wrote:
> Hi.

Hi Volker,

> I'm facing a problem with 11.3 which did not occur in 11.2.
> I'm unable to connect to my ldap server from 11.3 clients using TLS. All ldap clients give the following error:
>
> ldap_start_tls: Connect error (-11)
>         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
>
> The CA which signed the ldap server's cert is indeed self signed. However this used to be no problem for clients until 11.3

I solved this by adding:

to /etc/ldap.conf:
tls_checkpeer no

to /etc/openldap/ldap.conf:
TLS_REQCERT allow

Hope it helps you (or anyone else).

> Regards

Regards,

> .......Volker
--
Rui Santos
http://www.ruisantos.com/
Veni, vidi, Linux!
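
An added example, not part of either message: both settings in the reply above stop the client from rejecting a server certificate it cannot verify, whereas naming the private CA as a trust anchor (TLS_CACERT in /etc/openldap/ldap.conf, tls_cacertfile in /etc/ldap.conf) lets verification stay on. The script flags the weak settings in constructed sample files; the host name and CA path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Option names are real OpenLDAP
# (TLS_REQCERT, TLS_CACERT) and nss_ldap/pam_ldap (tls_checkpeer,
# tls_cacertfile) settings; host name and CA path are constructed.

# audit_ldap_tls FILE: print "file:line: reason" for each setting that disables
# server-certificate verification; return 1 if any is found, else 0.
audit_ldap_tls() {
    awk -v f="$1" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        { key = tolower($1); val = tolower($2) }
        key == "tls_reqcert" && (val == "never" || val == "allow") {
            printf "%s:%d: TLS_REQCERT %s accepts a certificate that fails verification\n", f, NR, val
            bad = 1
        }
        key == "tls_checkpeer" && val == "no" {
            printf "%s:%d: tls_checkpeer no skips server certificate checks\n", f, NR
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_samples DIR: constructed configs. weak-* mirror the workaround in the
# thread; strict-* trust the private CA instead and keep verification on.
write_samples() {
    printf '%s\n' 'uri ldap://ldap.example.org' 'TLS_REQCERT allow' \
        > "$1/weak-openldap.conf"
    printf '%s\n' 'uri ldap://ldap.example.org' 'ssl start_tls' 'tls_checkpeer no' \
        > "$1/weak-nss.conf"
    printf '%s\n' 'uri ldap://ldap.example.org' \
        'TLS_CACERT /etc/ssl/private-ca/ca.pem' 'TLS_REQCERT demand' \
        > "$1/strict-openldap.conf"
    printf '%s\n' 'uri ldap://ldap.example.org' 'ssl start_tls' \
        'tls_checkpeer yes' 'tls_cacertfile /etc/ssl/private-ca/ca.pem' \
        > "$1/strict-nss.conf"
}

# Demo: audit the four constructed files.
tmp=$(mktemp -d) && write_samples "$tmp"
for c in "$tmp"/*.conf; do
    audit_ldap_tls "$c" || echo "  -> fix: add the CA as a trust anchor, then require verification"
done
rm -rf "$tmp"
```

To audit a real client, call `audit_ldap_tls /etc/openldap/ldap.conf` and `audit_ldap_tls /etc/ldap.conf`.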
participants (2)
- Rui Santos
- Volker