On Thursday, July 28, 2016 8:07:43 AM PDT, Nat Sincheler wrote:
On 7/27/2016 11:19 PM, Ulrich Windl wrote:
> Message <991f77f9-fd05-eb9b-7f07-f350c4a7bc68(a)macrotex.net>:
% grep -R Certificate *.ldif
% directory2:/etc/ldap# openssl verify -CApath /etc/ssl/certs
So, the openssl command line can find the certificate chain.
Why can't openldap?
Of course, the problem is not in OpenLDAP but the SSL library that your
build of OpenLDAP is using. The chances are good that your build is using
GNUTLS. GNUTLS does not support a CA Certificate Path, you have to put all
of the CA cert chain in a single file and use olcTLSCACertificateFile
"Can't sing louder than the guns when I'm gone,
so I guess I'll have to do it while I'm here."
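
The single-file approach described in the reply above, as an added example that is not part of the original thread or the OpenLDAP project's code: it builds one CA bundle from individual PEM files and prints the cn=config change for `olcTLSCACertificateFile`. The function names and all file paths are assumptions.

```shell
#!/bin/sh
# Added example: single-file CA bundle for an slapd linked against GnuTLS.
# Usage (paths are assumptions, adjust to your own chain):
#   build_ca_bundle /etc/ldap/ca-bundle.pem root.pem intermediate.pem
#   openssl verify -CAfile /etc/ldap/ca-bundle.pem server.pem
#   tls_ca_ldif /etc/ldap/ca-bundle.pem | ldapmodify -Y EXTERNAL -H ldapi:///

# build_ca_bundle OUT CERT...
# Writes the PEM certificate blocks of every CERT into OUT.
# Skips missing files, files without a certificate (keys, CRLs) and files
# already seen under another name (the hash symlinks of a CApath directory).
build_ca_bundle() {
    out=$1; shift
    seen=""
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        [ -f "$f" ] || continue
        real=$(readlink -f "$f") || continue
        case "$seen" in *"|$real|"*) continue ;; esac
        seen="$seen|$real|"
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || continue
        # Copy only the PEM blocks, dropping text dumps and any key material.
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
            "$f" >> "$tmp"
    done
    # An empty bundle would leave slapd trusting nothing: fail instead.
    [ -s "$tmp" ] || { rm -f "$tmp"; return 1; }
    # Replace OUT in one step so slapd never reads a half-written file.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# count_certs FILE: number of certificates in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# tls_ca_ldif FILE: LDIF that points cn=config at the bundle.
tls_ca_ldif() {
    printf '%s\n' 'dn: cn=config' 'changetype: modify' \
        'replace: olcTLSCACertificateFile' \
        "olcTLSCACertificateFile: $1"
}
```

Compare `count_certs` on the result with the number of CA certificates you expect in the chain before applying the LDIF.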