I installed my CA cert like this:
chmod 644 /usr/local/share/ca-certificates/root-ca.crt && update-ca-certificates
This is successful, but somehow ldapsearch with ldaps still won't connect to the server (Can’t contact LDAP server). Without SSL the same command works.
/etc/ldap/ldap.conf:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
In this file I can find the correct certificate. I can also find it here:
/etc/ssl/certs/root-ca.pem
openssl tells me:
Verification: OK
when I run this command:
openssl s_client -connect my.domain.tld:7636
My ldapsearch command:
ldapsearch -H ldaps://portal.domain.tld:7636 -b "dc=domain,dc=tld" -D "uid=mysynchuzer,CN=Users,DC=domain,DC=tld" -x -w MYPW
UPDATE: I tried the openssl s_client command with -CAfile /etc/ssl/certs/ca-certificates.crt,
which results in an error:
140568237548864:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:../crypto/asn1/asn1_lib.c:91:
140568237548864:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:../crypto/asn1/tasn_dec.c:1137:
140568237548864:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:572:
140568237548864:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:614:
140568237548864:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=subject, Type=X509_CINF
140568237548864:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:646:Field=cert_info, Type=X509
140568237548864:error:0907400D:PEM routines:PEM_X509_INFO_read_bio:ASN1 lib:../crypto/pem/pem_info.c:196:
140568237548864:error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib:../crypto/x509/by_file.c:205:
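Added example, not part of the original post: the trace above ends in PEM_X509_INFO_read_bio and X509_load_cert_crl_file, which means OpenSSL failed to decode a certificate while reading the file passed to -CAfile. The Python script below reports which PEM block in such a bundle has inconsistent DER lengths. It checks structure only, not X.509 validity, assumes single-byte tags, and its function names and sample data are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos, end):
    """Parse one DER header at pos; return (tag, content_start, content_end)."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("too long: element overruns its container")
    return tag, pos, pos + length

def walk(buf, pos, end):
    # Recurse through constructed elements (bit 0x20 set in the tag).
    while pos < end:
        tag, start, stop = read_tlv(buf, pos, end)
        if tag & 0x20:
            walk(buf, start, stop)
        pos = stop

def scan_bundle(pem_text):
    """Return [(block_number, error)] for every block that fails the check."""
    problems = []
    for number, block in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        try:
            der = base64.b64decode("".join(block.group(1).split()), validate=True)
            tag, start, stop = read_tlv(der, 0, len(der))
            if tag != 0x30 or stop != len(der):
                raise ValueError("not a single outer SEQUENCE")
            walk(der, start, stop)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            problems.append((number, str(exc)))
    return problems

def to_pem(der):  # helper for the constructed samples below
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed samples: tiny DER structures, not real certificates.
GOOD = to_pem(bytes.fromhex("300a30030201023103130141"))
BAD = to_pem(bytes.fromhex("300a30030201023103137f41"))  # inner length 0x7f overruns
```

To check a real bundle, pass the file's text to scan_bundle(), for example the contents of /etc/ssl/certs/ca-certificates.crt; the block numbers count certificates from the top of the file. Data outside BEGIN/END CERTIFICATE markers is not examined.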