[389-users] TLS handshake failure

Marc Sauton msauton at redhat.com
Mon Jan 9 22:41:36 UTC 2012


Review the 389 DS errors log file and the config; it seems like TLS did 
not start.
Use the console UI once, just for a test, to review the working 
configuration, and compare it with the manual settings.
M.

On 01/09/2012 02:33 PM, Iain Morgan wrote:
> Hello,
>
> I'm attempting to configure 389 DS v1.2.9.14 on RHEL 6.2 to use TLS with
> a certificate issued by a CA. I was previously able to configure TLS
> support using a self-signed certificate on a test system using 389 DS
> 1.2.8.2, but I am not having any success with the CA-issued certificate.
>
> Using the GUI is not an option, but I have used certutil to create the
> key/certificate databases, generate a CSR, and subsequently install the
> CA certificate and the signed SSL certificate.
>
> The server has been configured to use the certificate and the LDAPS
> listener has been enabled. The server starts up without complaint and
> the error log shows that it is listening on both port 389 and 636.
> However, attempts to connect to the LDAPS port fail:
>
> ds1.imorgan % openssl s_client -connect localhost:636
> CONNECTED(00000003)
> 140218505807688:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:184:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 113 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
> ds1.imorgan %
>
> Unfortunately, there do not appear to be any log messages which indicate
> the source of the problem. I've played with the trust flags for the
> certificate and have even tried re-importing it; all to no avail.
>
> Any help would be appreciated.
>
> Thanks
>
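The s_client output quoted above (0 bytes read, no peer certificate, no cipher) says the TCP listener on 636 accepted the connection but never answered the ClientHello, which is a different failure from an untrusted or mismatched certificate. The probe below is an added example, not code from this thread or from 389 DS; it separates "port closed", "port open but not speaking TLS", "TLS up but certificate not trusted" and "TLS ok" so the next step (errors log and nsSSL settings, versus trust flags in the cert database) is clear. The decoy listener and the 127.0.0.1 addresses are constructed for the self-contained demo.

```python
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0, cafile=None):
    """Open a TCP connection and attempt a TLS handshake.

    Returns (status, detail), where status is one of:
      "tcp-refused"           nothing listening on the port
      "tls-handshake-failed"  listener accepted TCP but did not speak TLS
                              (the symptom in the quoted s_client output)
      "cert-untrusted"        handshake completed, but the chain does not
                              verify against cafile / system trust
      "timeout"               no answer at all within `timeout`
      "tls-ok"                handshake and verification succeeded
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert.get("subject", ()))
                return "tls-ok", "%s %s subject=%s" % (
                    tls.version(), tls.cipher()[0], subject)
    except ConnectionRefusedError as exc:
        return "tcp-refused", str(exc)
    except ssl.SSLCertVerificationError as exc:
        # Must come before SSLError: it is a subclass of it.
        return "cert-untrusted", str(exc)
    except (ssl.SSLError, ConnectionResetError) as exc:
        # Garbage or EOF where a ServerHello was expected.
        return "tls-handshake-failed", str(exc)
    except (socket.timeout, TimeoutError) as exc:
        return "timeout", str(exc)


def start_plaintext_listener():
    """Constructed decoy for the demo: accepts TCP on a loopback port,
    swallows whatever the client sends and answers in plain text, which is
    what a listener with TLS not actually started looks like to a client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.settimeout(3)
        try:
            conn.recv(4096)                      # the ClientHello, ignored
            conn.sendall(b"not a TLS server\n")  # plain text, not a TLS record
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port():
    """Pick a loopback port with nothing listening on it (constructed helper)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    decoy = start_plaintext_listener()
    print("decoy listener:", probe_tls("127.0.0.1", decoy))
    print("closed port:   ", probe_tls("127.0.0.1", unused_port()))
```

Run against the real server as probe_tls("ds1.example", 636, cafile="/path/to/ca.pem") (hostname and path are placeholders). A "tls-handshake-failed" result matches the quoted s_client session and points at the server-side TLS configuration rather than at the certificate's trust flags; "cert-untrusted" means the listener is fine and the CA chain or certificate nickname is what needs attention.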
