Hi Oliver.
OpenLDAP with NSS. What version? Is that Fedora?
----- Original Message -----
$ ldapsearch -ZZ -D uid=guillard,ou=staff,ou=people,dc=example,dc=fr -W uid=guillard -h ldap2.th3.example.fr
ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Unknown code ___f 20
SEC_ERROR_UNTRUSTED_ISSUER (Peer's certificate issuer has been marked as not trusted by the user.)
olcTLSCACertificateFile /etc/openldap/cacerts/CA.crt
olcTLSCertificateFile /etc/openldap/cacerts/server.crt
olcTLSCertificateKeyFile /etc/openldap/cacerts/server.key
olcTLSCipherSuite HIGH
TLS: error: accept - force handshake failure: errno 11 - moznss error -12195
TLS: can't accept: TLS error -12195:Unknown code ___P 93.
SSL_ERROR_UNKNOWN_CA_ALERT (Peer does not recognize and trust the CA that issued your certificate.)
-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
"openssl x509 -in yourcert.pem -text" gives me:
unable to load certificate
139832255481664:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
139832255481664:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
139832255481664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_VAL
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=validity, Type=X509_CINF
139832255481664:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=cert_info, Type=X509
139832255481664:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: