directory-users mailing list archives

From Ashwin Kumar <ashwinkumar...@gmail.com>
Subject How to disable self-signed certificate validation?
Date Wed, 15 May 2013 07:37:52 GMT
I am using Apache Directory Studio and I have set up the server to run
securely on SSL.
This guide helped me get it working:
http://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html

However, when I do use command line tools (ldapsearch)
I end up with:
"ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"

Enabling the debug logging for ldapsearch, I end up with
"TLS certificate verification: Error, self signed certificate"

C:\Users\Ashwin>ldapsearch -x -H ldaps://localhost:10636 -d 1
ldap_url_parse_ext(ldaps://localhost:10636)
ldap_create
ldap_url_parse_ext(ldaps://localhost:10636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:10636
ldap_new_socket: 472
ldap_prepare_socket: 472
ldap_connect_to_host: Trying ::1 10636
ldap_pvt_connect: fd: 472 tm: -1 async: 0
attempting to connect:
connect errno: 10061
ldap_close_socket: 472
ldap_new_socket: 472
ldap_prepare_socket: 472
ldap_connect_to_host: Trying 127.0.0.1:10636
ldap_pvt_connect: fd: 472 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar, issuer: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

How do I get this working? Am I missing something?

--
Ashwin kumar
(http://ashwinkumar.me)
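
Added example, not part of the original message: a small triage script that reads an "ldapsearch -d 1" trace like the one above and reports why certificate verification failed. The names diagnose, cn_of and SAMPLE are hypothetical, and comparing the host with the subject CN is a simplification, because the trace does not show subjectAltName entries.

```python
import re
from urllib.parse import urlparse

# OpenSSL X509_V_ERR_* codes that commonly show up on this trace line.
X509_ERRORS = {
    10: "certificate has expired",
    18: "self-signed leaf certificate (depth 0)",
    19: "self-signed certificate in chain",
    20: "unable to get local issuer certificate",
    21: "unable to verify the first certificate",
}
VERIFY_RE = re.compile(
    r"TLS certificate verification: depth: (\d+), err: (\d+), "
    r"subject: (.+?), issuer: (.+)")
URL_RE = re.compile(r"ldap_url_parse_ext\((ldaps?://[^)]+)\)")

def cn_of(dn):
    """Return the CN of an OpenSSL one-line DN such as /C=US/O=ASF/CN=host."""
    for part in dn.strip().strip("/").split("/"):
        if part.upper().startswith("CN="):
            return part[3:]
    return None

def diagnose(trace):
    """Summarise the first verification failure in the trace, or None."""
    m = VERIFY_RE.search(trace)
    if not m:
        return None
    url = URL_RE.search(trace)
    host = urlparse(url.group(1)).hostname if url else None
    subject, issuer = m.group(3).strip(), m.group(4).strip()
    cn = cn_of(subject)
    return {
        "depth": int(m.group(1)),
        "error": X509_ERRORS.get(int(m.group(2)), "X509 verify error " + m.group(2)),
        "self_issued": subject == issuer,   # subject and issuer DN are identical
        "host": host,                       # name the client connected to
        "cn": cn,                           # name the certificate was issued for
        "name_matches": bool(host and cn and host.lower() == cn.lower()),
    }

# Constructed sample: the relevant trace lines from above, wrapped lines rejoined.
SAMPLE = """\
ldap_url_parse_ext(ldaps://localhost:10636)
TLS certificate verification: depth: 0, err: 18, subject: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar, issuer: /C=US/O=ASF/OU=ApacheDS/CN=zanzibar
TLS certificate verification: Error, self signed certificate
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For this trace the script reports a self-issued leaf certificate (err 18) and a CN (zanzibar) that differs from the host in the URL (localhost). These are two separate findings, each of which can be resolved by trusting that specific certificate and connecting by the name it carries rather than by turning verification off.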
