Problems connecting with SSL and certificate to a DSA instance

Article ID: 380016

Products

CA Directory

Issue/Introduction

The following error is seen in the logs:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


dsa> Accepting call from TCP <IP>:<PORT>
GetRemoteHostName:Skipping local host-name validation
STATE: SSL3 alert read: fatal: unknown CA
STATE: SSL_accept: failed in error
Warning: SSL Error
Warning: 7eff0009db98- 15030300 020230 ......0
Warning: 0:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1498:SSL alert number 48
0:error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure:s3_pkt.c:1216:
Warning: ssld_ssl_request failed
Warning: TLS/SSL handshake failed for call from <IP>:<PORT>

Environment

CA Directory 14.1.X

Resolution

The ldapsearch command did not specify the Root CA certificate that the ldapsearch client uses to check the server certificate.

This can be set permanently in the ldapsearch configuration file with the TLS_CACERT option.

See the ldapsearch documentation.
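
A diagnostic sketch for the resolution above, added here and not part of the original article or the product: it reports which Root CA file the client will use and where validation would break. It assumes an OpenLDAP-style client configuration file and the OpenLDAP LDAPTLS_CACERT environment override; the function names and the file paths passed in are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): find the Root CA file an
# OpenLDAP-style client will use. Function names are hypothetical.

# Print the TLS_CACERT value from a config file (last occurrence wins).
conf_cacert() {
    [ -r "$1" ] || return 1
    awk 'NF >= 2 && toupper($1) == "TLS_CACERT" {
             sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, ""); v = $0 }
         END { if (v == "") exit 1; print v }' "$1"
}

# The LDAPTLS_CACERT environment variable overrides the config file.
effective_cacert() {
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_CACERT"
    else
        conf_cacert "$1"
    fi
}

# $1 = client config file, $2 = optional PEM copy of the server certificate.
# Return codes: 0 ok, 2 no CA configured, 3 unreadable, 4 not PEM, 5 no chain.
check_cacert() {
    ca=$(effective_cacert "$1") || { echo "no TLS_CACERT configured"; return 2; }
    [ -r "$ca" ] || { echo "CA file not readable: $ca"; return 3; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" ||
        { echo "no PEM certificate in: $ca"; return 4; }
    if [ -n "${2:-}" ] && command -v openssl >/dev/null 2>&1; then
        openssl verify -CAfile "$ca" "$2" >/dev/null 2>&1 ||
            { echo "server certificate does not verify with $ca"; return 5; }
    fi
    echo "client will validate the server against: $ca"
}
```

Run `check_cacert <client config file> [server certificate PEM]` on the host where ldapsearch fails; return code 2 corresponds to the situation described in the resolution, where no Root CA was supplied to the client.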