We have an OpenLDAP server that is listening on port 636 over ldaps. When I run
openssl s_client -showcerts -connect ldap-server:636
I only see the host certificate. The intermediate and root certificates do *not* come through.
For this server I have in the file slapd.d/cn=config.ldif the setting
olcTLSCACertificatePath: /etc/ssl/certs
I checked and all the intermediate and root certificates are in /etc/ssl/certs soft-linked via the usual OpenSSL rehash hash, e.g.,
lrwxrwxrwx 1 root root 42 Jul 14 19:03 b4261fc2.0 -> /etc/ssl/certs/incommon-usertrust-2024.pem
Any idea why the intermediate and root certificates do not get sent to the LDAPS client? Is there something in the LDAP log that might give me a clue as to what is going on?
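An added checker for the situation described above (this is not part of the question and not OpenLDAP code): it parses what `openssl s_client -showcerts` printed and reports whether the chain the server sent is complete, i.e. whether every certificate's issuer is the next certificate sent and the chain ends at a root. The sample outputs, host name and CA names are constructed; the trust-directory helper assumes an `openssl` binary on PATH that prints subject names in the same one-line format as the s_client run being checked.

```python
"""Check the certificate chain an LDAPS server presents.

Usage:
    openssl s_client -showcerts -connect ldap-server:636 </dev/null 2>/dev/null \
        | python3 ldaps_chain_check.py [/etc/ssl/certs]
"""
import re
import subprocess
import sys
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
SUBJECT_RE = re.compile(r"^\s*(\d+)\s+s:(.*)$")   # " 0 s:CN = host"
ISSUER_RE = re.compile(r"^\s*i:(.*)$")            # "   i:C = US, O = ..."


def parse_chain(s_client_output):
    """Return the certificates s_client printed, leaf first, as dicts with
    depth/subject/issuer/pem. Handles the 1.1.x layout (s:/i: lines) and the
    3.x layout, whose extra a:/v: lines are skipped."""
    _, found, rest = s_client_output.partition("Certificate chain")
    if not found:
        raise ValueError("no 'Certificate chain' section; did the handshake fail?")
    end = re.search(r"^---$", rest, re.M)      # section ends at a bare '---' line
    section = rest[: end.start()] if end else rest
    entries, cur = [], None
    for line in section.splitlines():
        m = SUBJECT_RE.match(line)
        if m:
            cur = {"depth": int(m.group(1)), "subject": m.group(2).strip(),
                   "issuer": "", "pem": ""}
            entries.append(cur)
            continue
        m = ISSUER_RE.match(line)
        if m and cur is not None:
            cur["issuer"] = m.group(1).strip()
    for entry, pem in zip(entries, PEM_RE.findall(section)):
        entry["pem"] = pem
    return entries


def check_chain(entries, trusted_subjects=frozenset()):
    """Walk the presented chain leaf first and report gaps.

    A server must send the leaf and every intermediate; sending the root is
    optional. The chain is complete when each issuer is the next subject and
    the last certificate is self-signed (root included) or issued by one of
    trusted_subjects (root omitted, the normal case). trusted_subjects holds
    the subjects of the local root CAs in s_client's one-line format; pass an
    empty set to just see where the chain stops. Returns (complete, findings).
    """
    if not entries:
        return False, ["server sent no certificates"]
    findings, broken = [], 0
    for cur, nxt in zip(entries, entries[1:]):
        if cur["issuer"] != nxt["subject"]:
            broken += 1
            findings.append(f"depth {cur['depth']} is issued by '{cur['issuer']}' but the "
                            f"next certificate sent is '{nxt['subject']}' (out of order)")
    last = entries[-1]
    if last["subject"] == last["issuer"]:
        anchored = True
        findings.append(f"root '{last['subject']}' was sent (not required, harmless)")
    elif last["issuer"] in trusted_subjects:
        anchored = True
        findings.append(f"chain ends at local root '{last['issuer']}' (normal)")
    else:
        anchored = False
        findings.append(f"last certificate sent (depth {last['depth']}) was issued by "
                        f"'{last['issuer']}', which was neither sent nor is a known root: "
                        "the server is not sending its intermediate chain")
    return broken == 0 and anchored, findings


def trusted_subjects_from_dir(cert_dir="/etc/ssl/certs"):
    """Subjects of the self-signed (root) certificates in an OpenSSL hashed
    directory, read through the *.N links so the same files slapd would see
    are used. Intermediates in the directory are deliberately excluded."""
    roots = set()
    for link in Path(cert_dir).glob("*.[0-9]"):
        out = subprocess.run(["openssl", "x509", "-noout", "-subject", "-issuer",
                              "-in", str(link)], capture_output=True, text=True)
        if out.returncode != 0:
            continue
        subject, issuer = [l.partition("=")[2] for l in out.stdout.strip().splitlines()[:2]]
        if subject == issuer:
            roots.add(subject)
    return roots


# Constructed s_client output for the case in the question: only the host
# certificate arrives. Names are invented; the PEM body is a placeholder.
SAMPLE_LEAF_ONLY = """\
CONNECTED(00000003)
depth=0 CN = ldap-server.example.edu
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = ldap-server.example.edu
   i:C = US, O = Example CA Ltd, CN = Example RSA Server CA
-----BEGIN CERTIFICATE-----
MIIBexampleplaceholder
-----END CERTIFICATE-----
---
Server certificate
subject=CN = ldap-server.example.edu
"""

# Constructed output (OpenSSL 3 layout) from a server that does send the intermediate.
SAMPLE_FULL_CHAIN = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldap-server.example.edu
   i:C = US, O = Example CA Ltd, CN = Example RSA Server CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan  1 00:00:00 2024 GMT; NotAfter: Jan  1 00:00:00 2025 GMT
-----BEGIN CERTIFICATE-----
MIIBexampleplaceholder
-----END CERTIFICATE-----
 1 s:C = US, O = Example CA Ltd, CN = Example RSA Server CA
   i:C = US, O = Example CA Ltd, CN = Example Root CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA384
   v:NotBefore: Jan  1 00:00:00 2020 GMT; NotAfter: Jan  1 00:00:00 2030 GMT
-----BEGIN CERTIFICATE-----
MIIBexampleplaceholder
-----END CERTIFICATE-----
---
Server certificate
"""


def main(argv):
    entries = parse_chain(sys.stdin.read())
    for e in entries:
        print(f"{e['depth']}: s={e['subject']}\n   i={e['issuer']}")
    trusted = trusted_subjects_from_dir(argv[1]) if len(argv) > 1 else frozenset()
    complete, findings = check_chain(entries, trusted)
    for f in findings:
        print("-", f)
    print("chain complete" if complete else "chain INCOMPLETE")
    return 0 if complete else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two things worth confirming before reading slapd logs: `openssl verify -CApath /etc/ssl/certs host.pem` shows whether the hashed links actually resolve to the intermediate and root on that box, and `ldd $(which slapd) | grep -Ei 'ssl|gnutls'` shows which TLS library slapd is linked against, since slapd can be built with either OpenSSL or GnuTLS and the two handle the chain and the CA directory differently.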