Frank Swasey wrote:
> On 7/29/11 3:09 PM, Philip Guenther wrote:
>> On Fri, 29 Jul 2011, Francis Swasey wrote:
>>> I have tried placing both the server certificate and the intermediate
>>> certificate in the same file. OpenLDAP won't start if I put the
>>> intermediate certificate first, and openssl fails to verify the
>>> certificate chain if I put the server certificate first in the file.
>>> Have I missed something obvious or has OpenLDAP really forced me into
>>> the position of needing to add the intermediate certificate from my SSL
>>> CA Vendor into my trusted store on all my clients?
>> It's a CA cert; have you tried adding it to the file specified by the
>> TLSCACertificateFile option?
> Well, I never looked at it that way. Yes, adding the intermediate
> certificate to the file pointed to by the TLSCACertificateFile option on
> the OpenLDAP server appears to have worked.

Amazing what trouble you could save yourself if you actually read the
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
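
The situation in this thread can be reproduced offline from the client's side. The following is an added example, not part of the original messages: it builds a constructed root, intermediate and server certificate, then runs `openssl verify` against a trust store holding only the root, with `-untrusted` standing in for the extra certificates the server presents. All file names and subject names are made up for the test, and it assumes the `openssl` command-line tool with its default configuration file is installed.

```shell
#!/bin/sh
# Added example. Every key, certificate and name below is constructed test data.

# Build a throwaway root -> intermediate -> server PKI in directory $1.
make_test_pki() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    for n in root int server; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root, intermediate signed by the root, leaf signed by the intermediate.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -set_serial 2 -days 2 -extfile "$dir/ca.ext" -out "$dir/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -set_serial 3 -days 2 -out "$dir/server.pem" 2>/dev/null || return 1
}

# chain_ok ROOT SERVER [SENT]
# Succeeds if SERVER verifies for a client that trusts only ROOT, given the
# extra (untrusted) certificates in SENT that the server would present.
chain_ok() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_test_pki "$d" || return 1
    chain_ok "$d/root.pem" "$d/server.pem" && r1=ok || r1=FAIL
    chain_ok "$d/root.pem" "$d/server.pem" "$d/int.pem" && r2=ok || r2=FAIL
    echo "server presents leaf only:           $r1"
    echo "server presents leaf + intermediate: $r2"
    rm -rf "$d"
}
demo
```

The first case is the one where clients would need the intermediate in their own trust store; the second is the outcome once the server can supply it.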