Quanah Gibson-Mount quanah@symas.com schrieb am 21.10.2021 um 19:29 in
Nachricht <125627C2D6AF4AE00EF3FCDF@[192.168.1.11]>:
--On Thursday, October 21, 2021 7:54 PM +0300 Nick Milas nick@eurobjects.com wrote:
On 21/10/2021 6:39 μ.μ., Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
The client side still says it can't validate the cert. As long as the client can't validate the cert, you won't be able to establish TLS.
From your ldapwhoami output:
TLS certificate verification: depth: 0, err: 20, subject: /C=GR/ST=Attik\xC3\xAD/L=Athens/O=National Observatory of Athens/CN=ldap1.noa.gr, issuer: /C=NL/O=GEANT Vereniging/CN=GEANT OV RSA CA
4 TLS certificate verification: Error, unable to get local issuer certificate
Maybe use openssl x509 to display the certificate chain, looking for problems, and use the "verify" of openssl to check the certificate (chain). And show us the results ;-)
--Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com