Thanks for your reply Dieter.
On Tue, Oct 07, 2008 at 09:03:21PM +0200, Dieter Kluenter wrote:
John Gee john@kleinfeld.ch writes:
-( solaris 10 - client )----
[...]
# list cert-db
certutil -L -d /var/ldap
ca-cert                CT,,
ldap02.kleinfeld.ch    C,,
ldap01.kleinfeld.ch    C,,
The server presents the server certificate (ldap01.kleinfeld.ch), the ldap client presents the CA but the server expects a client certificate. Change slapd.conf not to verify a client certificate.
Well, I already have a "TLSVerifyClient never" entry in slapd.conf. I think there must be an option on the client side (Solaris 10 native client). When using the OpenLDAP client with the following options in ldap.conf it works (but not with the native client):

TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_REQCERT never
- John