Where do I need to put a CA certificate so that OpenLDAP can find it properly? I have OpenLDAP version 2.3.27 that was compiled using OpenSSL support on a Solaris 10 machine. Trying to do secure LDAP transactions with ldapsearch results in:

SSL initialization failed: error -8192 (An I/O error occurred during security authorization.)

Trying to do raw SSL connects (using openssl s_client -connect) fails, saying it can't find the local issuer certificate, but if I include the -CAfile option to tell it exactly where the CA cert is, then it works fine. My ldap.conf has the following entries, and I have double- and triple-checked the paths and file names:

TLS_REQCERT never
TLS_CACERT /etc/sfw/openssl/certs/cacert.pem
TLS_CACERTDIR /etc/sfw/openssl/certs

--------------------------------------------------------------------

Aaron Smith                Aaron.Smith@kzoo.edu

System Administrator   (269) 337-7496

Kalamazoo College