Certificate verification: "openssl" returns ok, while "getent passwd" returns error
Kenneth Holter
kenneho.ndu at gmail.com
Thu Mar 4 14:53:00 UTC 2010
Hello all.
I'm faced with an openssl issue I'm not sure how to debug. In the
"/etc/ldap.conf" file on my RHEL server I've set "tls_checkpeer" to "yes",
and find that running "openssl s_client -connect <ldapserver>:636 -showcerts
-CAfile CA-certificate.crt" returns ok (i.e. "verified"), while issuing "getent
passwd someuser" returns "TLS certificate verification: Error, certificate
signature failure". Both "ldap.conf" and the openssl-command above point to
the same "CA-certificate.crt" file. I don't understand how come the openssl
command accepts the certificate, while the getent command doesn't. Any
advice on how to proceed debugging this is greatly appreciated.
Regards,
Kenneth Holter