1 Reply Latest reply: Mar 14, 2013 12:09 PM by HenriHoffmann
HenriHoffmann Level 1 (0 points)

even openssl s_client -connect ...:636 returned


verify return:1


No client certificate CA names sent


SSL handshake has read 1518 bytes and written 456 bytes


New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE


    Protocol  : TLSv1

    Cipher    : AES256-SHA

Key-Arg   : None

    Start Time: 1363044139

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)


Connect to OD without SSL works fine.


Anybody else?



  • HenriHoffmann Level 1 (0 points)



    here are some more informations about the problem.


    The root CA certificate is imported as trusted in the system keychain of the server and the client. A certificate evaluation returns "valid certificates, trusted ...".


    The client bind fails with this messages, e.g. Kerio Control is able the use LDAPS, so it seams just the problem with the trustability of the certificates. Keychain trusts the certificates, OD client bind not, this is not so consistent.


    Any idee?





    2013-03-14 19:39:02.776804 CET - Trigger - notified opendirectoryd:nodes;lastServerChanged;/LDAPv3/ldaps://macpro....:636

    2013-03-14 19:39:02.793467 CET - 71825.330426.330427, Module: AppleODClientLDAP - unable to create connection to LDAP server - ldap_search_ext_s for the ro

    otDSE failed with error 'server connection failed' (-1) error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed cert

    ificate in certificate chain)

    2013-03-14 19:39:02.793501 CE



    depth=1 /C=DE/...


    Certificate chain

    0 s:/CN=macpro...



    verify error:num=19:self signed certificate in certificate chain

    verify return:0