Friday, December 17, 2004
OpenLDAP TLS errors
Lost a few hours today over a stupid mistake, getting SSL/TLS running on OpenLDAP. When I tried:
ldapsearch -x -Z -h woodsy.nicholas.duke.edu -d 1
I got:
ldap_bind: Can't contact LDAP server
additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Over and over, I was troubleshooting the certificates, since that's the common problem. Certificates were fine, and the debug info suggests that it hasn't gotten to the certificate handshake anyways.
Anyways, the dumb error was in slapd.conf
When I uncommented the lines giving the path to the certificates:
TLSCertificateFile /usr/share/ssl/certs/slapd.crt
TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/server-ca.crt
I'd left the leading spaces, so the configuration parameters weren't even loading. Hint: don't do this.
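A quick check for this mistake, as an added example that is not part of the original post: slapd.conf(5) treats a line beginning with white space as a continuation of the previous line, so the script below flags indented TLS directives. The function names and the sample file layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# slapd.conf(5): a line that begins with white space is a continuation of
# the previous line, so an indented TLS directive is never read on its own.

# Report indented TLS* directives in the given config file.
# Exit status: 1 if any were found, 0 otherwise.
find_indented_tls() {
    awk '
        # Indented line whose first word is a TLS* directive keyword.
        /^[ \t]+TLS[A-Za-z]+([ \t]|$)/ {
            printf "%s:%d: %s is indented, read as part of line %d\n", FILENAME, NR, $1, head
            bad = 1
            next
        }
        # Remember the last line that starts in column one.
        /^[^ \t]/ { head = NR }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the paths are the ones from the post; the comment line
# and the indentation are assumed for illustration.
write_sample() {
    cat > "$1" <<'EOF'
# TLS settings
 TLSCertificateFile /usr/share/ssl/certs/slapd.crt
 TLSCertificateKeyFile /usr/share/ssl/certs/slapd.key
TLSCACertificateFile /usr/share/ssl/certs/server-ca.crt
EOF
}

# Usage: sh check.sh /path/to/slapd.conf
if [ $# -gt 0 ]; then find_indented_tls "$1"; fi
```

Running it against the config before restarting slapd catches the problem without having to read handshake debug output.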