Problem verifying self signed certificate

James Wilde
Resent without smime problems, I hope.

I've googled on this problem and found a number of situations, none of
which has given me a lead to solving my problem.

On our certificate server, running Openssl v0.9.7f, I have created a
self signed CA certificate which so far has worked well.

Now I'm setting up an Openldap server as follows:  It's running RedHat
Enterprise Linux v4, Openssl v0.9.7a and Openldap v2.2.13.  I've had any
amount of trouble making sasl work and given up in favour of TLS.  Now
I'm having problems with this and it seems to be related to the validity
of the CA certificate.

Here's the output of a test I ran:

[root@log1 openldap]# openssl s_client -connect localhost:389 -showcerts -state -CAfile /usr/share/ssl/certs/cacert.pem
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
24425:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

For a bit more detail on the possible nature of the handshake failure,
here is a snippet from the attempt to run a replication over TLS:

TLS certificate verification: depth: 1, err: 19, subject:
/C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
Certificate Authority/emailAddress=[hidden email], issuer:
/C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
Certificate Authority/emailAddress=[hidden email]
TLS certificate verification: Error, self signed certificate in
certificate chain
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_err2string
Error: ldap_start_tls failed: Connect error (-11)
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 6
  0000:  30 05 02 01 02 42 00                               0....B.
ldap_write: want=7, written=7
  0000:  30 05 02 01 02 42 00                               0....B.
ldap_free_connection: actually freed
fm: exiting

I'd very much appreciate a hint as to what might be the problem and how
to fix it.

Apologies to those of you who are also in the openldap list, as I'm
going to post it there, too.

TIA

//James
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]