
I'm trying to set up an LDAP server with ldaps support. The server is hosted on ec2 and it has a domain name on route 53. I got an SSL certificate for the route 53 domain (say example.com). When I try to connect using ldaps from an ldap client, I get the following error.

TLS: certificate [CN=ip-xx-xx-xx-xxx.ec2.internal] is not valid - CA cert is not valid
TLS: certificate [CN=ip-xx-xx-xx-xxx.ec2.internal] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Problem is ldap resolves to the internal ip of the ec2 instance. How do I fix this issue?

Ananth Ravi

1 Answer


The problem is not resolution - it is that the certificate the LDAP server is presenting to the client is not trusted. You need to do one of three things:
1) Issue a certificate to EC2 from the enterprise CA if you have one.
2) Install the certificate from EC2 on the ldaps client so the client trusts the cert.
3) Purchase a 3rd party cert from a trusted CA so the client automatically trusts the cert.

Paul Ackerman
  • I have a certificate from Digicert and that's what I am using to enable ldaps. – Ananth Ravi Sep 05 '14 at 20:12
  • It was a config mistake on the server. Thanks! Though I keep getting this error TLS: error: connect - force handshake failure: errno 0 - moznss error -5938 TLS: can't connect: TLS error -5938:Encountered end of file. – Ananth Ravi Sep 05 '14 at 23:33
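A small client-side diagnostic, added here as an example and not part of the question or answer, that separates the two checks an LDAPS client makes (is the issuer trusted, and does the certificate name match the host the client connected to) and maps each failure to the answer's options; the hostname, CA file path and certificate names are placeholders.

```python
# Added example (not from the original post). Separates the two reasons an
# LDAPS client rejects a server certificate: untrusted issuer and name mismatch.
import socket
import ssl


def hostname_matches(hostname, cn, sans):
    """True if hostname matches a DNS SAN (preferred) or, when there are no
    SANs, the subject CN. Supports a single leading '*.' wildcard label."""
    names = list(sans) if sans else ([cn] if cn else [])
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            # A wildcard covers exactly one label and never the bare domain.
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def diagnose(hostname, cn, sans, issuer_trusted):
    """Explain a rejection in terms of the answer's fix options; [] means the
    certificate would be accepted for this hostname."""
    problems = []
    if not issuer_trusted:
        problems.append("issuer not trusted: install the issuing CA on the "
                        "client, or use a cert from a CA the client already trusts")
    if not hostname_matches(hostname, cn, sans):
        problems.append("name mismatch: cert is for %r but client connected to %r; "
                        "reissue the cert for the name clients use"
                        % (sans or cn, hostname))
    return problems


def verify_ldaps(hostname, port=636, cafile=None):
    """Perform a real TLS handshake the way a client would (system trust store,
    or the CA bundle in cafile). Returns [] on success, else OpenSSL's reason."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((hostname, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return []
    except ssl.SSLCertVerificationError as e:
        return [e.verify_message]


if __name__ == "__main__":
    # Placeholder host; needs network access to an LDAPS server to be useful.
    print(verify_ldaps("ldap.example.com", cafile=None))
```

Run `verify_ldaps` against the server to see the exact OpenSSL reason; `diagnose` shows, offline, why a default EC2 certificate (`CN=ip-...ec2.internal`) fails for a client connecting to the Route 53 name.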