problems with ldapsearch with SSL/TLS
807573 Apr 27 2007 — edited May 15 2007
Hi, I am trying to connect to an LDAP server whose connections are encrypted from the server side; so I created my own CA and a server certificate trusted by this CA using certutil, and did this:
1) create a CA data base
2) create a CA certificate and store it in the CA database
3) add this certificate to directory server certificate database
4) create a request of a server certificate
5) sign this request
6) add the trusted server certificate to directory server certificate database
# .../shared/bin/certutil certutil -V -u V -n einstein.prueba.uy -d .../alias -P slapd-einstein-
certutil: certificate is valid
# .../shared/bin/certutil -L -d .../alias -P "slapd-einstein-"
ca-cert CT,,
einstein.prueba.uy CTu,Cu,Cu
but when I try to search, I get the following message:
# ldapsearch -x -v -Z -p 389 -h 100.0.4.180 -D "cn=bindmailUsers,cn=mailUsers,dc=prueba,dc=uy" -w passbindmailUsers -b "cn=mailUsers,dc=prueba,dc=uy" "uid=*" -d -1
....
....
ldap_result msgid 2
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 2
wait4msg continue, msgid 2, all 1
** Connections:
* host: 100.0.4.180 port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Apr 27 14:00:12 2007
** Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=2, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 2, all 1
ber_get_next
ldap_read: want=8, got=0
ber_get_next failed.
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Did I forget something?
Am I doing something wrong?
Must I configure ldapclient in Solaris or OpenLDAP under Linux to make this work OK?
Thanks in advance!!!