*This case:* Set up OpenLDAP using TLS/SSL on SLES11 SP1

*My problem:* When I test the certificate for TLS/SSL, I get the
error: verify error:num=19:self signed certificate in certificate
chain, BUT the log message (var/log/message) shows: slapd[4784]:
conn=1005 fd=15 TLS established tls_ssf=256 ssf=256

*Note:* The step for setting up the CA was successful!!!



Code:
--------------------

openssl s_client -connect myhost.mydomain.local:636 -showcerts -state

--------------------


CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=TH/ST=BangNOC/L=Service Center/O=NOC/OU=IT/CN=myhost.mydomain.local/emailAddress=ca@mydomain.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
----------------------------------------------------------------------------
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 7ABA0C0831441B98BCE9097F0F0F913D1B6A67ABE8FBB167D14855CA2310611E
Session-ID-ctx:
Master-Key: 79C3CF579194D623CC80C5141DB3B8215E6DF384F25E060848A6E7BABB15A433CBE205C67142670EC4CAD08BA6B3B786
Key-Arg : None
Start Time: 1328371622
Timeout : 300 (sec)

Verify return code: 19 (self signed certificate in certificate chain)

---


One question: is this encrypted TLS communication working or not?


Thank you,


--
sled1983