Openldap TLS self CA issue

Posts: 1
Joined: 2015/12/02 16:28:16

Openldap TLS self CA issue

Post by c4ifford » 2015/12/02 17:22:22

So I've got my openldap test server running and now I'm trying to add TLS.

I'm attempting to make a self signed cert from the process followed here.

I've been digging for the past two or three days now trying to find some sort of correlation on why it thinks that the CA is untrusted.

Code:

ldapsearch -d1 -x -LLL -b cn=root -D "cn=Manager,dc=lab,dc=net"   -H "ldaps://" -W cn=config
Enter LDAP Password:
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: certdb config: configDir='/etc/openldap/certs' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/openldap/certs prefix .
TLS: certificate [] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 22 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Forum Moderator
Posts: 23494
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Openldap TLS self CA issue

Post by TrevorH » 2015/12/03 12:25:43

Have you added your CA cert to the system so that it is trusted (I am assuming that you're using a self-signed cert created by your own CA)?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke
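The debug output in the first post shows the OpenLDAP client using the Mozilla NSS backend ("using moznss security dir /etc/openldap/certs"), so the CA that signed the server certificate has to be trusted inside that NSS database (or be reachable through TLS_CACERT in /etc/openldap/ldap.conf). The script below is an added example, not code from either poster: it pulls the NSS error code out of a constructed copy of the ldapsearch -d1 output, maps the handful of NSS codes I am sure of to a cause, and shows the certutil check and import for the CA's trust flags. The NSS directory default, the CA nickname "Lab CA" and the PEM path are assumptions; certutil comes from the nss-tools package.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose an OpenLDAP/moznss TLS trust
# failure from the client debug log, then check/fix the CA's trust flags in
# the NSS certificate database the client actually uses.

NSS_DIR="${NSS_DIR:-/etc/openldap/certs}"                  # dir from the debug log
CA_NICK="${CA_NICK:-Lab CA}"                               # assumed nickname
CA_PEM="${CA_PEM:-/etc/pki/tls/certs/lab-ca.crt}"          # assumed path to CA PEM

# Constructed sample: the TLS lines ldapsearch -d1 prints on an untrusted issuer.
SAMPLE_LOG=$(cat <<'EOF'
TLS: certdb config: configDir='/etc/openldap/certs' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/openldap/certs prefix .
TLS: certificate [] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 22 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
EOF
)

# Print the first "moznss error -NNNN" code found in the log, or nothing.
nss_error_code() {
    printf '%s\n' "$1" | sed -n 's/.*moznss error \(-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Map NSS SEC_ERROR_*/SSL_ERROR_* codes seen in cert validation to a cause.
explain_nss_error() {
    case "$1" in
        -8172)  echo "untrusted issuer: CA is in the NSS db but lacks the C (SSL) trust flag, or the wrong CA was imported" ;;
        -8179)  echo "unknown issuer: CA is not in the NSS db at all" ;;
        -8181)  echo "expired certificate" ;;
        -12276) echo "hostname mismatch: server cert does not match the name in the ldaps:// URI" ;;
        *)      echo "other NSS error $1" ;;
    esac
}

# Return 0 if the CA nickname carries the "C" SSL trust flag in the NSS db.
# certutil -L lists lines like:  Lab CA    CT,,   (trust attrs: SSL,S/MIME,JAR)
ca_trust_ok() {
    certutil -d "$NSS_DIR" -L 2>/dev/null | awk -v n="$CA_NICK" '
        $0 ~ "^" n "[ \t]" { flags = $NF; exit }
        END { exit (flags ~ /^[^,]*C/ ? 0 : 1) }'
}

# Import the CA PEM as a trusted issuer for server (C) and client (T) certs.
add_ca() {
    certutil -d "$NSS_DIR" -A -n "$CA_NICK" -t "CT,," -a -i "$CA_PEM"
}

main() {
    code=$(nss_error_code "$SAMPLE_LOG")
    echo "NSS error $code: $(explain_nss_error "$code")"
    if command -v certutil >/dev/null 2>&1; then
        if ca_trust_ok; then
            echo "CA '$CA_NICK' is trusted for SSL in $NSS_DIR"
        else
            echo "CA '$CA_NICK' missing or untrusted in $NSS_DIR; run add_ca as root, then re-test with ldapsearch -d1"
        fi
    fi
}

main "$@"
```

The distinction between -8172 and -8179 is the useful bit: -8179 means the CA is simply absent, while -8172 (the code in the thread) means NSS found the issuer but its trust attributes do not include C for SSL, so re-importing with -t "CT,," (or checking that the cert in the db really is the CA that signed the server certificate) is the next step.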
