Ubuntu 12.04 LDAP SSL self-signed cert not accepted
Posted by MaddHacker on Server Fault
Published on 2012-06-14T10:49:28Z
Indexed on 2012/09/16 3:40 UTC
I'm working with Ubuntu 12.04, using OpenLDAP server. I've followed the instructions on the Ubuntu help pages and can happily connect without security. To test my connection, I'm using ldapsearch; the command looks like:
ldapsearch -xv -H ldap://ldap.[my host].local -b dc=[my domain],dc=local -d8 -ZZ
I've also used:
ldapsearch -xv -H ldaps://ldap.[my host].local -b dc=[my domain],dc=local -d8
As far as I can tell, I've set up my certificate correctly, but no matter what I try, I can't seem to get ldapsearch to accept my self-signed certificate.
So far, I've tried:
- Updating my /etc/ldap/ldap.conf file to look like:

    BASE        dc=[my domain],dc=local
    URI         ldaps://ldap.[my host].local
    TLS_CACERT  /etc/ssl/certs/cacert.crt
    TLS_REQCERT allow

- Updating my /etc/ldap.conf file to look like:

    base dc=[my domain],dc=local
    uri ldapi:///ldap.[my host].local
    uri ldaps:///ldap.[my host].local
    ldap_version 3
    ssl start_tls
    ssl on
    tls_checkpeer no
    TLS_REQCERT allow

- Updating my /etc/default/slapd to include:

    SLAPD_SERVICES="ldap:/// ldapi:/// ldaps:///"

- Several hours of Googling, most of which resulted in adding the TLS_REQCERT allow directive.
The exact error I'm seeing is:
ldap_initialize( ldap://ldap.[my host].local )
request done: ld 0x20038710 msgid 1
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect.
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
After several hours of this, I was hoping someone else has seen this issue, and/or knows how to fix it. Please do let me know if I should add more information, or if you need further data.
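The error quoted in the question is OpenSSL's path-validation result 19 (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN): the server presented a chain that ends in a self-signed certificate the client has not been told to trust. The script below is an added example, not part of the original question and not code from an answer to it. It reproduces that exact result offline with plain openssl, using a throwaway CA and server certificate generated on the spot (the names Example Internal CA and ldap.example.local and all paths are made up), and then shows the same chain validating once the verifier is handed the issuing CA file, which is the role TLS_CACERT plays in ldap.conf.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the
# "self signed certificate in certificate chain" verification failure with
# openssl and show it clearing once the issuing CA is supplied as trusted.
# All names and paths are constructed for the demo; no LDAP server is contacted.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a private self-signed CA and a server certificate issued by it.
make_ca_and_server() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Internal CA" \
        -keyout "$WORK/cakey.pem" -out "$WORK/cacert.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.local" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$WORK/server.csr" \
        -CA "$WORK/cacert.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
        -out "$WORK/server.crt" >/dev/null 2>&1
}

# Run the same path validation a TLS client performs and return its output.
#   $1 = server certificate
#   $2 = file holding the extra certificates the server sends with it, or ""
#        (slapd sending its own CA certificate is the case from the question)
#   $3 = trusted CA file, i.e. what TLS_CACERT / -CAfile points at, or ""
run_verify() {
    if [ -n "$2" ] && [ -n "$3" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>&1
    elif [ -n "$2" ]; then
        openssl verify -untrusted "$2" "$1" 2>&1
    elif [ -n "$3" ]; then
        openssl verify -CAfile "$3" "$1" 2>&1
    else
        openssl verify "$1" 2>&1
    fi || true   # older openssl exits 0 on failure anyway; we parse the text
}

# "OK" when the chain validates, otherwise the X.509 verify error number:
#   19 = self signed certificate in certificate chain  (the question's error)
#   20 = unable to get local issuer certificate
verify_result() {
    out=$(run_verify "$1" "${2:-}" "${3:-}")
    case "$out" in
        *": OK"*) echo OK ;;
        *) printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

make_ca_and_server
printf 'server cert alone, no trusted CA:         %s\n' \
    "$(verify_result "$WORK/server.crt")"
printf 'server sends its CA, client trusts nothing: %s\n' \
    "$(verify_result "$WORK/server.crt" "$WORK/cacert.pem")"
printf 'issuing CA supplied as TLS_CACERT/-CAfile:  %s\n' \
    "$(verify_result "$WORK/server.crt" "" "$WORK/cacert.pem")"
```

Three points of ldap.conf(5) behaviour are worth holding against the configuration in the question, stated here as general facts rather than as a diagnosis of this particular server. First, ldapsearch reads /etc/ldap/ldap.conf on Ubuntu, then ~/.ldaprc, and finally environment variables named after the options with an LDAP prefix (LDAPTLS_CACERT, LDAPTLS_REQCERT), so a one-off test can point at a candidate CA file without editing the system-wide file. Second, /etc/ldap.conf is the libnss-ldap/libpam-ldap configuration (the ssl, tls_checkpeer and ldap_version keywords belong to that syntax) and is not consulted by ldapsearch at all. Third, TLS_REQCERT allow only tells the client to ignore a certificate that fails verification; it does not make the certificate trusted, so the durable fix is a TLS_CACERT file that actually contains the CA that signed the server certificate, the equivalent of the -CAfile argument in the last case above.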
© Server Fault or respective owner