I have created a set of self-signed certs for my master and a slave. Clients can connect to either with the cert installed on the client, but I am having trouble getting them to talk to each other over TLS. I want the master to replicate to the slave over TLS but can't get it to work. Strangely, I have it working the other way; the slave can bind to the master over TLS but the master cannot bind to the slave. I have TLS_CACERTDIR set correctly with the certs installed in that location (with symlinks being created) but I am still getting the self-signed cert error when trying to bind.
Debug output:
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: ........
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed