On Mon, Oct 17, 2005 at 10:39:15AM +0200, Dieter Kluenter wrote:
> I just experienced the same problem and it took me a few minutes to find
> the reason, which resulted in
>
> TLS trace: SSL3 alert read:fatal:certificate expired
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept.
> TLS: error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
> expired s3_pkt.c:1052
> connection_read(15): TLS accept error error=-1 id=1, closing
>
> Creating and signing a new set of certificates solved it.

The certificate is fine here (other than being self-signed):

# openssl x509 -in ldap.pem -noout -dates
notBefore=Oct 7 16:26:09 2005 GMT
notAfter=Aug 18 07:00:49 2021 GMT

If I run ldapsearch from another machine which has another version of
openldap that is not 2.3.11 nor 2.3.10, then it works.