LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-11-2014, 12:45 AM   #1
hippie131
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Rep: Reputation: Disabled
Ubuntu OpenLDAP self-signed cert woes


So I have my openldap server working perfectly without TLS. Running Ubuntu 12.04.4 and OpenLDAP 2.4. I have built my own CA and created a cert for the server as well. After adding my certs with the proper ldif file it still will not trust my certs.

I ran "ldapsearch -x -H ldap://Domain.Name/ -ZZ -d -1"

and it spit this out making me think its a trust issue:

TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)

I googled my head off trying to find a solution but all of the guides say to edit the server's ldap.conf file which doesn't exist on my server. I literally tried to "locate ldap.conf" and got nothing.

I've also tried importing my CA cert into ubuntu's root cert store which didn't work.

anybody got any ideas?
 
Old 06-11-2014, 02:18 AM   #2
hippie131
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Turns out I needed to just manually make the /etc/ldap/ldap.conf file and put this in it

TLS_CACERT /etc/ldap/ssl/ca.crt
TLS_REQCERT demand

after that my queries now work. It still fails for other applications like owncloud and squid.
 
Old 06-11-2014, 03:24 AM   #3
hippie131
LQ Newbie
 
Registered: Jun 2014
Posts: 3

Original Poster
Rep: Reputation: Disabled
Turns out this fixed all my issues.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to deploy signed certificate to OpenLDAP server Sophan Red Hat 1 12-17-2013 07:25 PM
getting mailx to use other machine's postfix server, not trusting my self-signed cert psycroptic Linux - Software 0 06-21-2013 01:44 AM
[SOLVED] postfix rejecting self-signed cert on remote smtp server? sneakyimp Linux - Server 10 06-27-2011 03:00 PM
Can't import a cert (signed with OpenSSL) into a Java Key Store using keytool ajs418 Linux - Security 1 02-11-2011 05:51 PM
How to add SANs to a self signed SSL cert pirhana Linux - Security 1 11-08-2008 08:27 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration