Quanah Gibson-Mount wrote:
--On Monday, October 12, 2009 10:36 PM +0200 Iruweniruwen@gmx.net wrote:
Certificate chain 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mydomain.de i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=PositiveSSL CA
I don't get it :(
Comodo's cert is signed by someone else, you have to add that issuer to the CA chain. And it changes periodically too, in my experience from using their certs. So you need to examine their CA cert, and find who signed it, and then add that to the chain.
For example, the one I was using at one time, was signed by the GTE CyberTrust CA, so I needed to have that cert in the chain in addition to comodo's.
Judging from his debug output, that's not the issue here. The first question you should have asked is - what OS, OpenLDAP version, and TLS library?