Hi,
please stay on the mailing list.
Rick Stevens <rps2(a)socal.rr.com> writes:
> Dieter Kluenter wrote:
>> Rick Stevens <rps2(a)socal.rr.com> writes:
>>
>>> I know this has been hashed over before, but I simply cannot get my
>>> LDAP clients to talk TLS/SSL to my LDAP server. I keep getting
>>>
>>> TLS certificate verification: Error, self signed certificate in
>>> certificate chain
>> This error may not be the culprit, if the error (or warning) is
>> referring to the CA.
>> What is the CN of the server certificate and what is the host part of
>> your search string?
> The CN of the server certificate is:
> CN=bigdog.hci.com/emailAddress=ricks@nerd.com
> The host part of the search is "-h bigdog.hci.com"
>> In order to debug the TLS session run ldapsearch with -d3 option.
> I never see it try to pick up the server's certificate, just the CA's
> and I see a "TLS trace: SSL3 alert write:fatal:unknown CA" error before
> it dies.

OK, could you please provide the TLS related entries of slapd.conf and
ldap.conf? It seems that the server is not providing a server
certificate but a CA.
-Dieter
--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E