ldapsearch fails to connect via TLS to LDAP server with self-signed certificate without the Basic Constraints extension


Issue

Running ldapsearch with Transport Layer Security (TLS) (i.e. the -Z option) on Red Hat Enterprise Linux 6 fails with the following message, even with "TLS_REQCERT never" set in /etc/openldap/ldap.conf.

 # ldapsearch -x -Z -H ldap://xxx.xxx.xxx.xxx/ -b "dc=xxx,dc=xxx" -D "cn=xxx,ou=xxx,dc=xxx,dc=xxx" -W
 ldap_start_tls: Connect error (-11)
         additional info: TLS error -8157:Certificate extension not found.
 Enter LDAP Password:
 ldap_result: Can't contact LDAP server (-1)
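
To confirm that the server certificate matches the condition named in the title, the following added example (not part of the original article) checks a PEM certificate for the X509v3 Basic Constraints extension with the openssl CLI. The function names, the placeholder CN and the throwaway certificates it generates are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: detect a certificate that lacks X509v3 Basic Constraints.

# has_basic_constraints FILE
# Exit status: 0 = present, 1 = absent, 2 = not a readable certificate.
has_basic_constraints() {
    cert_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    if printf '%s\n' "$cert_text" | grep -q 'X509v3 Basic Constraints'; then
        return 0
    fi
    return 1
}

# make_sample_cert OUT yes|no
# Constructed throwaway self-signed certificate for the demo, with or
# without basicConstraints. The CN is a placeholder.
make_sample_cert() {
    cfg=$(mktemp) || return 1
    key=$(mktemp) || return 1
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ "$2" = yes ]; then printf 'x509_extensions = ext\n'; fi
        printf '[dn]\nCN = ldap.example.test\n'
        printf '[ext]\nbasicConstraints = critical,CA:TRUE\n'
    } > "$cfg"
    rc=0
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$cfg" -keyout "$key" -out "$1" 2>/dev/null || rc=$?
    rm -f "$cfg" "$key"
    return "$rc"
}

# describe FILE: one-line verdict for an operator.
describe() {
    status=0
    has_basic_constraints "$1" || status=$?
    case $status in
        0) echo "$1: Basic Constraints present" ;;
        1) echo "$1: Basic Constraints MISSING" ;;
        *) echo "$1: not a readable PEM certificate" ;;
    esac
}

# Demo on constructed certificates.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/with_bc.pem" yes && describe "$demo_dir/with_bc.pem"
make_sample_cert "$demo_dir/no_bc.pem" no && describe "$demo_dir/no_bc.pem"
rm -rf "$demo_dir"
```

To check a real server, save its certificate as a PEM file and run `describe` on that file.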

Environment

Red Hat Enterprise Linux 6
