I am baffled, as I have followed every HowTo and FAQ online to get TLS working, and it just refuses to work on the LDAP server.

Here is what I have done thus far. I create a very basic LDIF with just my base organization and an admin user. If I query LDAP using ldapsearch, I get back what I would expect to see from what I added using my LDIF. Fine.

So now I want to get TLS working. I create a certificate using the following:

    openssl req -new -x509 -nodes \
        -out slapdcert.pem -keyout slapdkey.pem \
        -days 365

This creates my certificates, and I add the following lines to my slapd.conf and restart slapd:

    TLSCipherSuite HIGH
    TLSCertificateFile /etc/openldap/slapdcert.pem
    TLSCertificateKeyFile /etc/openldap/slapdkey.pem

I go back to do an ldapsearch, the only change being ldap://localhost/ to ldaps://localhost/, and I get an error message:

    Ldap_bind: Can't contact LDAP server (-1)
    Additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Now I have checked to be 100% certain that I have the right CN in the certificate and that I can do forward and reverse DNS properly. So what have I missed?

The funny thing is, TLS works fine from a remote host, but not on the server itself. I tried changing localhost to the actual DNS name of the server, but still I get the same error.

Thanks for your help!
________________________________________
Chip Burke
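The error quoted above ("certificate verify failed", reported by the client's OpenSSL library while fetching the server certificate) is raised on the client side when it cannot build a trust chain for the certificate it received; a self-signed certificate like the one generated above has no issuer other than itself, so a client only verifies it if that certificate is configured as a trust anchor. The following script is an added example, not part of the original mail or of OpenLDAP, that reproduces the same verify failure with openssl alone and then shows it succeeding once the certificate is supplied as the CA file, which is what the client's ldap.conf TLS_CACERT setting (or the LDAPTLS_CACERT environment variable) does for ldapsearch. The hostname ldap.example.test and the temporary directory are constructed for the example; the slapd.conf paths in the comment are the ones from the mail.

```shell
#!/bin/sh
# Added example (constructed; not the poster's or OpenLDAP's code).
# Reproduces the client-side "certificate verify failed" condition with
# openssl only, then shows the trust-anchor fix. Requires the openssl CLI.
set -u

WORKDIR=$(mktemp -d)
CERT="$WORKDIR/slapdcert.pem"
KEY="$WORKDIR/slapdkey.pem"

# Generate a self-signed server certificate like the mail does, but
# non-interactively (-subj) so it runs unattended. $1 is the server hostname,
# which becomes the CN the client will compare against its ldaps:// URL.
make_selfsigned_cert() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
    -subj "/CN=$1" -keyout "$KEY" -out "$CERT" >/dev/null 2>&1
}

# Print the CN from the certificate subject, so an operator can check that it
# matches the name used in the ldaps:// URL (localhost vs. the DNS name).
cert_cn() {
  openssl x509 -in "$CERT" -noout -subject -nameopt RFC2253 |
    sed 's/^subject=//; s/.*CN=\([^,]*\).*/\1/'
}

# Return 0 if the hostname in $1 matches the certificate CN, 1 otherwise.
cn_matches() {
  [ "$(cert_cn)" = "$1" ]
}

# Verify the server certificate the way an OpenSSL-based client does.
# $1 is the CA file to trust; pass an empty string to emulate a client with no
# trust anchor configured, which is the situation behind the error in the mail.
verify_as_client() {
  if [ -n "$1" ]; then
    openssl verify -CAfile "$1" "$CERT" >/dev/null 2>&1
  else
    # Only the system store is consulted; a freshly minted self-signed
    # certificate is not in it, so verification fails (non-zero exit).
    openssl verify "$CERT" >/dev/null 2>&1
  fi
}

# Emit the client-side setting that makes ldapsearch trust this certificate.
# Put the line in the client's ldap.conf; exporting LDAPTLS_CACERT with the
# same path has the same effect for a single command.
client_ldap_conf() {
  printf 'TLS_CACERT %s\n' "$1"
}

# Demonstration when run directly (the mail's server paths would be
# /etc/openldap/slapdcert.pem and /etc/openldap/slapdkey.pem):
#   LDAPTLS_CACERT=/etc/openldap/slapdcert.pem \
#     ldapsearch -x -H ldaps://ldap.example.test/ -b 'dc=example,dc=test'
HOST=ldap.example.test
if make_selfsigned_cert "$HOST"; then
  echo "certificate CN: $(cert_cn)"
  if verify_as_client ""; then
    echo "no trust anchor: verified (unexpected)"
  else
    echo "no trust anchor: certificate verify failed (as in the mail)"
  fi
  if verify_as_client "$CERT"; then
    echo "with TLS_CACERT: verified OK"
  fi
  echo "client ldap.conf line: $(client_ldap_conf "$CERT")"
fi
```

The script never touches an LDAP server: the point is that the failure is reproducible with nothing but the certificate and the client's trust configuration, so the place to look is the client's ldap.conf (or LDAPTLS_CACERT) on the host where ldapsearch fails, and to confirm the CN printed by cert_cn matches the hostname used in the ldaps:// URL.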
