Problem verifying self signed certificate

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Problem verifying self signed certificate

James Wilde
Resent without smime problems, I hope.

I've googled on this problem and found a number of situations, none of
which has given me a lead to solving my problem.

On our certificate server, running Openssl v0.9.7f, I have created a
self signed CA certificate which so far has worked well.

Now I'm setting up an Openldap server as follows:  It's running RedHat
Enterprice Linux v4, Openssl v0.9.7a and Openldap v2.2.13.  I've had any
amount of trouble making sasl work and given up in favour of TLS.  Now
I'm having problems with this and it seems to be related to the validity
of the CA certificate.

Here's the output of a test I ran:

[root@log1 openldap]# openssl s_client -connect localhost:389 -showcerts
-state -CAfile /usr/share/ssl/certs/cacert.pem
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
24425:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake

For a bit more detail on the possible nature of the handshake failure,
here is a snippet from the attempt to run a replication over TLS:

TLS certificate verification: depth: 1, err: 19, subject:
/C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
Certificate Authority/emailAddress=[hidden email], issuer:
/C=SE/L=Stockholm/O=Glocalnet AB/OU=Infrastructure/CN=Glocalnet
Certificate Authority/emailAddress=[hidden email]
TLS certificate verification: Error, self signed certificate in
certificate chain
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
Error: ldap_start_tls failed: Connect error (-11)
ber_flush: 7 bytes to sd 6
  0000:  30 05 02 01 02 42 00                               0....B.
ldap_write: want=7, written=7
  0000:  30 05 02 01 02 42 00                               0....B.
ldap_free_connection: actually freed
fm: exiting

I'd very much appreciate a hint as to what might be the problem and how
to fix it.

Apologies to those of you who are also in the openldap list, as I'm
going to post it there, too.


OpenSSL Project                       
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]