-------- Original Message --------
Subject: ldap tls/ssl connection
Date: Fri, 11 Mar 2011 15:45:09 +0100
From: Sergio Marino <sermar...@yahoo.it>
To: openca-users-ow...@lists.sourceforge.net

Hi all,
I've installed OpenCA and now I'm trying to enable LDAP support on it.
The LDAP server supports only secure connections over TLS/SSL, and when I
try to add a certificate to LDAP from the web interface of OpenCA I get
the following error:
---------------------------------------------------------------------------------------------------------------------------
Certificate 0 FAILED (error 81: LDAP-bind failed: Can't contact LDAP server)
---------------------------------------------------------------------------------------------------------------------------
The log file of LDAP server reports instead:
---------------------------------------------------------------------------------------------------------------------------
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol.
connection_read(13): TLS accept failure error=-1 id=1002, closing
connection_closing: readying conn=1002 sd=13 for close
connection_close: conn=1002 sd=13
daemon: activity on 1 descriptor
daemon: activity on:
daemon: removing 13
conn=1002 fd=13 closed (TLS negotiation failure)
daemon: epoll: listen=6 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
Certificate 0 FAILED (error 81: LDAP-bind failed: Can't contact LDAP server)
---------------------------------------------------------------------------------------------------------------------------
I tried to set up the parameters in slapd.conf correctly, but without
success.
Here's the security part of the file:
---------------------------------------------------------------------------------------------------------------------------
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.key
TLSCACertificateFile /etc/openldap/ssl/cacert.pem
TLSVerifyClient allow
---------------------------------------------------------------------------------------------------------------------------
Any help is highly appreciated.
Thanks in advance.
Regards.
Sergio.
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
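
The `SSL23_GET_CLIENT_HELLO:unknown protocol` line in the slapd trace above is the OpenSSL error raised when the first bytes read on a TLS listener do not parse as an SSL/TLS ClientHello. The following is an added diagnostic example, not part of the original message and not OpenCA or OpenLDAP code: it classifies the first bytes of a client connection (for instance, taken from a packet capture) to tell a TLS hello from plain LDAP or a StartTLS request. The function names and sample byte strings are constructed for illustration.

```python
# Added diagnostic sketch (hypothetical helper names; not OpenCA/OpenLDAP code).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended op (RFC 4511)

# Constructed samples: first bytes a client might send after TCP connect.
TLS_HELLO = bytes.fromhex("160301002f01")                          # TLS record header
PLAIN_BIND = bytes.fromhex("300c020101600702010304008000")         # anonymous simple bind
STARTTLS_REQ = bytes.fromhex("301d020101771880" "16") + STARTTLS_OID

def _ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index after it)."""
    first = buf[i]
    if first < 0x80:                       # short form
        return first, i + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("bad BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_bytes(data):
    """Say what protocol the first client bytes look like."""
    if len(data) < 3:
        return "too-short"
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls-client-hello"          # handshake record, version 3.x
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"        # SSLv2-framed hello
    if data[0] != 0x30:                    # not a BER SEQUENCE either
        return "unknown"
    try:
        _, i = _ber_len(data, 1)           # outer LDAPMessage SEQUENCE
        if data[i] != 0x02:                # messageID must be an INTEGER
            return "unknown"
        id_len, i = _ber_len(data, i + 1)
        op = data[i + id_len]              # protocolOp tag
    except (IndexError, ValueError):
        return "unknown"
    if op == 0x60:                         # [APPLICATION 0] BindRequest
        return "plain-ldap-bind"
    if op == 0x77 and STARTTLS_OID in data:  # [APPLICATION 23] ExtendedRequest
        return "plain-ldap-starttls"
    return "plain-ldap-other"

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("bind", PLAIN_BIND),
                         ("starttls", STARTTLS_REQ)]:
        print(name, "->", classify_first_bytes(sample))
```

A `plain-ldap-*` result on a listener that expects TLS from the first byte means the client is not starting a TLS handshake on that port.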