Hi!
I used "openssl verify" to verify both certificates, using both -CApath and -CAfile, and both certificates were "OK". I ran those commands as "root", but I also verified that the certificate and key can be read as "ldap".
Kind regards,
Ulrich Windl

-----Original Message-----
From: Philip Guenther pguenther@proofpoint.com
Sent: Thursday, March 6, 2025 8:48 AM
To: Windl, Ulrich u.windl@ukr.de
Cc: noloader@gmail.com; openldap-technical@openldap.org
Subject: [EXT] RE: Re: Getting details for "TLS trace: SSL3 alert read:fatal:unsupported certificate"

On Wed, 5 Mar 2025, Windl, Ulrich wrote:
> thanks! Actually that's what I did: Comparing the data of the certificate that
> worked with that which does not.
> I could not find any relevant difference.

The error being reported is from the OpenSSL library, not from OpenLDAP itself. The certs, or some CA the failing cert would chain through, are different in some way that _is_ relevant.

Philip Guenther