On 7/29/11 3:09 PM, Philip Guenther wrote:
> On Fri, 29 Jul 2011, Francis Swasey wrote:
>> I have tried placing both the server certificate and the intermediate
>> certificate in the same file. OpenLDAP won't start if I put the
>> intermediate certificate first, and openssl fails to verify the
>> certificate chain if I put the server certificate first in the file.
>>
>> Have I missed something obvious or has OpenLDAP really forced me into
>> the position of needing to add the intermediate certificate from my SSL
>> CA Vendor into my trusted store on all my clients?
>
> It's a CA cert; have you tried adding it to the file specified by the
> TLSCACertificateFile option?

Well, I never looked at it that way. Yes, adding the intermediate
certificate to the file pointed to by the TLSCACertificateFile option on
the OpenLDAP server appears to have worked.

Thanks,
Frank
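
The client-side effect of that fix, as an added example that is not part of the thread or of OpenLDAP: a constructed throwaway chain (root, intermediate, server) checked by a client that trusts only the root. Passing the intermediate with `-untrusted` is an assumption used here to stand in for the server presenting it during the handshake; all names and paths are made up.

```shell
#!/bin/sh
# Constructed throwaway PKI: root -> intermediate -> server. Every name is
# invented for this example; nothing here touches a real slapd.
build_chain() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = req
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: the only certificate the LDAP clients trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root" \
        -config "$dir/ca.cnf" -extensions v3_ca \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate" \
        -config "$dir/ca.cnf" -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -set_serial 2 -days 2 -extfile "$dir/ca.cnf" -extensions v3_ca \
        -out "$dir/int.pem" 2>/dev/null
    # Server certificate, signed by the intermediate.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -config "$dir/ca.cnf" -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -set_serial 3 -days 2 -out "$dir/srv.pem" 2>/dev/null
}

# Prints "ok" if certificate $2 verifies against trust file $1, else "fail".
# $3 (optional): certificates sent along by the peer, not trusted by themselves.
client_verifies() {
    if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
    then echo ok; else echo fail; fi
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
build_chain "$d"
echo "server sends leaf only:          $(client_verifies "$d/root.pem" "$d/srv.pem")"
echo "server also sends intermediate:  $(client_verifies "$d/root.pem" "$d/srv.pem" "$d/int.pem")"
```

Against a running server, `openssl s_client -connect <host>:636 -showcerts` lists the certificates the server actually presents, which shows whether the intermediate is being sent.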