ldapsearch TLS error -8172
CentOS openLDAP cert trust issues

Question (asked Oct 11 '12 at 22:51 by 84104, 9 votes):

    # LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld
    ldap_start_tls: Can't contact LDAP server (-1)
            additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

    # openssl s_client -connect ldap.domain.tld:636 -CApath /etc/ssl/certs
    <... successful tls negotiation stuff ...>
        Compression: 1 (zlib compression)
        Start Time: 1349994779
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---

openssl seems to think the certificate is fine, but openldap's libraries (pam_ldap exhibits similar behavior, which is how I got on to this mess) disagree. What am I doing wrong?

Tags: centos openldap openssl tls

Accepted answer (8 votes):

RHEL does not in fact provide anything that can be used as a 'certificate directory' for CA trust purposes. For OpenSSL, a certificate directory - a 'CApath' - is a directory containing individual certificate files (in PEM format or OpenSSL's extended 'trusted certificate' format), with names in a specific format based on a hash of the certificate's subject name. Usually this is achieved by putting files with human-readable names and .pem extensions in a directory and running c_rehash on it (see man c_rehash). For GnuTLS since 3.3.6 (prior to that GnuTLS had no directory support), it's just a directory with PEM files in it; GnuTLS will try and load every file in the directory and succeed on anything PEM-ish (it can't handle OpenSSL's 'trusted certificate' format). I'm not hon
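As an added illustration of the hashed-name requirement the accepted answer describes (an example script written here, not code from the thread or from OpenLDAP/OpenSSL; it assumes the openssl command-line tool is installed), this checks a CApath directory for the <subject_hash>.N links that c_rehash would create and adds any that are missing:

```shell
#!/bin/sh
# Added example, not from the Server Fault thread: check whether a directory
# is a usable OpenSSL-style CApath (every certificate reachable through a
# <subject_hash>.N name, as c_rehash would create) and repair it if not.
# Assumes the openssl command-line tool is installed.

# List certificates in DIR that have no hash link; returns 1 if any are missing.
check_capath() {
    dir=$1
    missing=0
    for pem in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -noout -subject_hash -in "$pem" 2>/dev/null) || {
            echo "not a certificate (e.g. a private key in the CA dir): $pem"
            missing=1
            continue
        }
        found=0
        for link in "$dir/$hash".[0-9]*; do
            if [ -e "$link" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "no hash link for $pem (expected $dir/$hash.0)"
            missing=1
        fi
    done
    return "$missing"
}

# Create the <subject_hash>.N symlinks that OpenSSL's CApath lookup needs,
# numbering N from 0 upward so that CAs with colliding hashes all get a link.
rehash_capath() {
    dir=$1
    for pem in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$pem" ] || continue
        hash=$(openssl x509 -noout -subject_hash -in "$pem" 2>/dev/null) || continue
        name=$(basename "$pem")
        n=0
        while [ -e "$dir/$hash.$n" ]; do
            # already linked to this very file: nothing to do
            [ "$(readlink "$dir/$hash.$n")" = "$name" ] && continue 2
            n=$((n + 1))
        done
        ln -s "$name" "$dir/$hash.$n"
        echo "$hash.$n -> $name"
    done
}

# Usage: sh capath-check.sh /etc/ssl/certs
if [ $# -eq 1 ]; then
    check_capath "$1" || rehash_capath "$1"
fi
```

A directory that passes check_capath satisfies OpenSSL's CApath lookup; it says nothing about NSS or pre-3.3.6 GnuTLS, which look for CA material differently.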
Source: http://serverfault.com/questions/437546/centos-openldap-cert-trust-issues
See also: https://access.redhat.com/solutions/200893
OpenLDAP: TLS error -8179:Peer's Certificate issuer is not recognized

Question (asked Jul 30 '14 at 11:55 by user3748237, edited Jul 31 '14 at 6:54 by Yuvika, 4 votes):

I'm not familiar with certificates and openldap. I'm trying to port someone else's work from an older OS to CentOS-6 with openldap-2.4.23. On the old OS, an ldap connection worked without issue. Now on CentOS-6, I get the following error when doing a simple bind:

    TLS error -8179:Peer's Certificate issuer is not recognized.

My /etc/openldap/ldap.conf has a single line:

    TLS_CACERTDIR /etc/openldap/certs

I tried commenting out that line and putting the following into the file, but that didn't change the error message I received.

    tls_reqcert allow

I also tried putting only the following line in ldap.conf, but that didn't change the error. I tried this based on information found in this question.

    LDAPTLS_CACERT /etc/ssl/certs/ca-bundle.crt

I copied files into the following directories:

    /etc/pki/tls/certs/ca.crt
    /etc/pki/tls/certs/server.crt
    /etc/pki/tls/private/server.key

I have no choice but to use openldap-2.4.23. Any idea what is causing this error or what I can do to troubleshoot? Thanks in advance. SP

Tags: ssl openldap

Answer (3 votes, answered Oct 22 '14 at 13:35 by Niko):

I had the same error. In my case the reason was that my client had the wrong certificate in /etc/ipa/ca.crt. To fix this, I just copied /etc/ipa/ca.crt from the KDC server to the client and the error disappeared.

Answer (2 votes):

As per http://www.zytrax.com/books/ldap/ch6/ldap-conf.html, TLS_CACERT should point to the file containing the CA cert that the client will use to verify the certificate. You need to make sure your server's CA [The CA