I found out that the problem was double encrypting of the connection:
It works now if I set TLSVerifyClient to max. allow on the consumer side. All stronger configurations end in: CA unknown.
Thanks anyway
Angela
Here are the relevant parts of the slapd.conf:
*****************************************************************
master:
...
...
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCACertificatePath /etc/ldap/certs
TLSCertificateFile /etc/ldap/certs/erde.aag_cert.pem
TLSCertificateKeyFile /etc/ldap/certs/erde.aag_key.pem
TLSVerifyClient demand
*****************************************************************
slave:
TLSCACertificateFile /etc/ldap/certs/cacert.pem
TLSCACertificatePath /etc/ldap/certs
TLSCertificateFile /etc/ldap/certs/mond.aag_cert.pem
TLSCertificateKeyFile /etc/ldap/certs/mond.aag_key.pem
################## TLSVerifyClient demand ##################
This has to be set to max allow.