--On November 19, 2007 10:36:36 AM -0800 "Keagle, Chuck" chuck.keagle@boeing.com wrote:
Be default, the SLES 9.3 slapd.conf defines the CA Cert like this:
TLSCACertificatePath /etc/ssl/certs
You didn't include that in your posted configuration, however. Always provide all of the relevant details.
That directory has lots of pem files in it with x509 symbolic links:
ls -C /etc/ssl/certs Password: 052eae11.0 6f5d9899.0 d4e39186.0 ICE-root.pem timCA.pem 18d46017.0 73912336.0 ddc328ff.0 ICE-user.pem tjhCA.pem 1e49180d.0 7651b327.0 dsa-ca.pem ICP-Brasil.pem vsign1.pem 1ef89214.0 8c401b31.0 dsa-pca.pem nortelCA.pem vsign2.pem 1f6c59cd.0 8caad35e.0 Equifax-root1.pem pca-cert.pem vsign3.pem 24867d38.0 91b8190d.0 expired RegTP-4R.pem vsignss.pem 2edf7016.0 a99c5886.0 f3e90025.0 RegTP-5R.pem vsigntca.pem 3ecf89a3.0 adbec561.0 f73e89fd.0 RegTP-6R.pem YaST-CA.pem 594f1775.0 b5f329fa.0 factory.pem rsa-cca.pem 69ea794f.0 c33a80d4.0 ICE-CA.pem thawteCb.pem 6bee6be3.0 ca-cert.pem ICE.crl thawteCp.pem
I think CA certs is set up correctly. Am I wrong about that?
As I recall, you said you used a self-signed cert. Is the CA cert that you used to sign it in /etc/ssl/certs? Is there an X509 hash for it in /etc/ssl/certs? If not, then no, it isn't set up correctly.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration