On Thursday, July 28, 2016 8:07:43 AM PDT, Nat Sincheler wrote:
On 7/27/2016 11:19 PM, Ulrich Windl wrote:
...
Message 991f77f9-fd05-eb9b-7f07-f350c4a7bc68@macrotex.net: ...
% grep -R Certificate *.ldif
olcTLSCACertificatePath: /etc/ssl/certs
olcTLSCertificateFile: /etc/ssl/certs/server.pem
olcTLSCertificateKeyFile: /etc/ssl/private/server.key
% directory2:/etc/ldap# openssl verify -CApath /etc/ssl/certs -verbose /etc/ssl/certs/server.pem
/etc/ssl/certs/server.pem: OK
So, the openssl command line can find the certificate chain. Why can't openldap?
Of course, the problem is not in OpenLDAP but the SSL library that your build of OpenLDAP is using. The chances are good that your build is using GnuTLS. GnuTLS does not support a CA Certificate Path; you have to put all of the CA cert chain in a single file and use olcTLSCACertificateFile instead.
Bill
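As an added example (not part of the thread above, and not OpenLDAP's own tooling), here is the shell procedure that follows from Bill's advice: concatenate the CA chain into a single PEM file, check that file with openssl the same way slapd will use it (one -CAfile, not a -CApath directory), and emit the cn=config change that replaces olcTLSCACertificatePath with olcTLSCACertificateFile. The file names (intermediate.pem, root.pem, ca-chain.pem) and the ldapi:/// EXTERNAL bind are assumptions; substitute whatever the deployment actually has.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenLDAP itself.
# Builds the single CA-chain file that the GnuTLS backend of slapd needs,
# verifies a server cert against it, and prints the cn=config modification.
# All paths below are assumptions for illustration.

# Concatenate only the CERTIFICATE blocks of the given PEM files into one
# bundle, in the order given (the issuer of the server cert first, then its
# issuer, up to the root). Anything outside BEGIN/END CERTIFICATE lines
# (private keys, "openssl x509 -text" dumps) is dropped, so a stray key can
# never end up in the bundle. Prints the number of certificates written.
build_ca_bundle() {
    out="$1"; shift
    : > "$out"
    for f in "$@"; do
        awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{p=0}' "$f" >> "$out"
    done
    grep -c -- '-----BEGIN CERTIFICATE-----' "$out"
}

# Check the server certificate against the bundle with a single -CAfile.
# This is the check that matters for a GnuTLS build; a passing
# "openssl verify -CApath" only proves OpenSSL could walk the hashed
# directory, which slapd linked against GnuTLS never reads.
verify_against_bundle() {
    bundle="$1"; server_cert="$2"
    openssl verify -CAfile "$bundle" "$server_cert"
}

# Print ldapmodify input that removes the unsupported path attribute and
# sets the file attribute. "replace" is used for the file attribute so the
# change applies whether or not olcTLSCACertificateFile already exists;
# the "delete" assumes olcTLSCACertificatePath is present, as in the thread.
ldif_for_bundle() {
    bundle="$1"
    cat <<EOF
dn: cn=config
changetype: modify
delete: olcTLSCACertificatePath
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $bundle
EOF
}

# Example usage (assumed paths):
#   build_ca_bundle /etc/ssl/certs/ca-chain.pem \
#       /etc/ssl/certs/intermediate.pem /etc/ssl/certs/root.pem
#   verify_against_bundle /etc/ssl/certs/ca-chain.pem /etc/ssl/certs/server.pem
#   ldif_for_bundle /etc/ssl/certs/ca-chain.pem | ldapmodify -Y EXTERNAL -H ldapi:///
```

After applying the modification, restart or re-check slapd with `ldapsearch -ZZ` (or `-H ldaps://`) against the server; the bundle file must be readable by the slapd user, and because it is a public CA chain it can stay world-readable alongside the other files in /etc/ssl/certs.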