On Fri, 29 Jul 2011, Francis Swasey wrote:
I have searched the faq-o-matic, google, the admin guide, and I cannot
find any documentation that will allow me to set up my OpenLDAP 2.4.25
server using an SSL certificate that was issued from a CA that uses
intermediate certificates (by which I mean any commercial
SSL cert company currently selling certs).
Apache has the SSLCertificateChainFile directive to handle this.
OpenLDAP seems to be lacking this functionality.
I have tried placing both the server certificate and the intermediate
certificate in the same file. OpenLDAP won't start if I put the
intermediate certificate first, and openssl fails to verify the
certificate chain if I put the server certificate first in the file.
Have I missed something obvious or has OpenLDAP really forced me into
the position of needing to add the intermediate certificate from my SSL
CA Vendor into my trusted store on all my clients?
It's a CA cert; have you tried adding it to the file specified by the
TLSCACertificateFile option?
Philip Guenther
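A worked check of the two replies above, added here as an example rather than anything posted in the thread. The script builds its own root -> intermediate -> server chain with the openssl command line (the CA names, the host name ldap.example.test and the slapd.conf paths are made up for the demonstration) and then runs `openssl verify` three ways: against a CA file holding only the root, which rejects the server certificate because its issuer is missing; against a CA file holding root plus intermediate, the shape Philip suggests for TLSCACertificateFile, which accepts it; and from a client's point of view, trusting only the root but being handed the intermediate, which also accepts it. With the OpenSSL backend, slapd completes the chain it presents from the certificates it can find in TLSCACertificateFile, which is why the suggestion spares the clients from having to carry the intermediate themselves.

```shell
#!/bin/sh
# Added example (not from the thread): build a root -> intermediate -> server
# chain with openssl and check which CA-file contents let the server cert
# verify. "Example Root CA", "Example Intermediate CA", ldap.example.test and
# the /etc/openldap/certs paths below are made up for the demonstration.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal config so the run does not depend on the system openssl.cnf.
cat > req.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
prompt = no

[ req_dn ]
CN = unused

[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:ldap.example.test
subjectKeyIdentifier = hash
EOF

newkey() {
    # $1 = output file; EC keys keep the example fast
    openssl ecparam -name prime256v1 -genkey -noout -out "$1"
}

make_chain() {
    # Self-signed root CA
    newkey root.key
    openssl req -x509 -new -key root.key -subj "/CN=Example Root CA" -days 2 \
        -config req.cnf -extensions ca_ext -out root.pem
    # Intermediate CA signed by the root
    newkey inter.key
    openssl req -new -key inter.key -subj "/CN=Example Intermediate CA" \
        -config req.cnf -out inter.csr
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 2 -extfile req.cnf -extensions ca_ext -out inter.pem
    # Server certificate signed by the intermediate (what a commercial CA hands you)
    newkey server.key
    openssl req -new -key server.key -subj "/CN=ldap.example.test" \
        -config req.cnf -out server.csr
    openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 2 -extfile req.cnf -extensions server_ext -out server.pem
    # The file Philip describes: the intermediate added to the CA file, next to the root
    cat root.pem inter.pem > ca-bundle.pem
}

# CA file with only the root: fails, the issuer (intermediate) cannot be found.
verify_root_only() {
    openssl verify -CAfile root.pem server.pem >/dev/null 2>&1
}

# CA file with root + intermediate (TLSCACertificateFile contents): succeeds.
verify_with_bundle() {
    openssl verify -CAfile ca-bundle.pem server.pem >/dev/null 2>&1
}

# A client that trusts only the root, once the server supplies the intermediate.
verify_client_view() {
    openssl verify -CAfile root.pem -untrusted inter.pem server.pem >/dev/null 2>&1
}

report() {
    if "$1"; then echo "$1: OK"; else echo "$1: FAILED"; fi
}

make_chain >/dev/null 2>&1
report verify_root_only
report verify_with_bundle
report verify_client_view

# slapd.conf fragment matching the bundle above (paths are illustrative)
cat <<'EOF'
TLSCertificateFile    /etc/openldap/certs/server.pem
TLSCertificateKeyFile /etc/openldap/certs/server.key
TLSCACertificateFile  /etc/openldap/certs/ca-bundle.pem
EOF
```

Run it as-is; it needs only the openssl binary and writes everything under a temporary directory that is removed on exit. Replacing the generated files with the real server certificate, the vendor's intermediate and the vendor's root reproduces the same three checks against a production chain before slapd is restarted.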