u013945470
石坚强
采纳率0%
2015-09-23 08:35 阅读 3.3k

openldap+ssl配置服务器和客户端的双向认证问题!弄了一个星期了,大神来看看吧!在线等

TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate.
ldap_err2string
ldap_start_tls: Can't contact LDAP server (-1)
additional info: error:14094412:SSL routines:**SSL3_READ_BYTES:sslv3 alert bad certificate**

服务端的配置文件slapd.conf:
{
                        *******
                        TLSVerifyClient demand
                        *******
}

TLSVerifyClient的参数设为demand后,服务器和客户端的认证就出错了。
设为allow是没有问题的
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • mhpmii mhpmii 2015-09-24 03:19

    打开证书看一下密钥用法里面有没有客户端验证,换一套证书试一下

    点赞 评论 复制链接分享

相关推荐