Where do I need to put a CA certificate so that OpenLDAP can find it properly? I have OpenLDAP version 2.3.27 that was compiled with OpenSSL support on a Solaris 10 machine. Trying to do secure LDAP transactions with ldapsearch results in:
SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)
Trying to do raw SSL connects (using openssl s_client -connect) fails, saying it can't find the local issuer certificate, but if I include the -CAfile option to tell it exactly where the CA cert is, then it works fine. My ldap.conf has the following entries, and I have double- and triple-checked the paths and file names:
TLS_REQCERT never
TLS_CACERT /etc/sfw/openssl/certs/cacert.pem
TLS_CACERTDIR /etc/sfw/openssl/certs
--------------------------------------------------------------------
Aaron Smith Aaron.Smith@kzoo.edu
System Administrator (269) 337-7496
Kalamazoo College