Help with FC15, ldap/ssl, and certs from CAcert.org
Bobby Krupczak
rdk at krupczak.org
Wed Aug 10 01:32:15 UTC 2011
Hi!
Just upgrading one client machine to FC15.
I have a variety of FC version throughout my network all
authenticating with LDAP over ssl.
I've configured the FC15 client to use ldaps and ssd and its not
working. The ldap server uses a certificate from CAcert.org which
earlier versions of FC have always eaten just fine after adding the
proper root cert to /etc/pki/tls/cert.pem
In FC15, I also noticed that ldapsearch would not work, giving me an
error.
When I added debugging, I get the following error:
TLS: certificate [E=support at cacert.org,CN=CA Cert Signing
Authority,OU=http://www.cacert.org,O=Root CA] is not valid - error
-8172:Unknown code ___f 20.
TLS: error: connect - force handshake failure: errno 0 - moznss error
-8172
TLS: can't connect: TLS error -8172:Unknown code ___f 20.
I've added the CAcert.org root cert in the same location and am now
getting this error.
I'll bet this error is also preventing my sssd from communicating with
my ldap server.
Does anyone know why FC15 would be giving me this error?
Thanks,
Bobby
More information about the users
mailing list