I am failing to authenticate through an LDAP proxy, and I am seeing this error coming in continuously:
TLS certificate verification: Error, self signed certificate in certificate chain
TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain).
Any suggestions on how to resolve this?
Here is my slapd.conf.
### Schema includes ##########################################################
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
## Module paths ##############################################################
modulepath /usr/lib64/openldap/
moduleload back_ldap
# Main settings ###############################################################
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
sizelimit unlimited
TLSCACertificateFile /root/data/certs/ldap.crt
TLSCertificateFile /root/data/certs/ldap.crt
TLSCertificateKeyFile /root/data/certs/ldap.key
### Database definition (Proxy to Corp LDAP) #########################################
database ldap
readonly yes
protocol-version 3
rebind-as-user yes
uri "ldaps://192.168.1.100:636"
suffix "ou=People,dc=example,dc=net"
### Logging ###################################################################
loglevel 0
It had been working until last week, when IT changed their LDAP certificate.
I generate the certificate using this command
So I recreated it against the same IT LDAP server, so I do have the new cert and keys produced the same way as before.
All new authentications are failing now.
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?