-----Original Message----- From: Rich Megginson [mailto:rich.megginson@gmail.com] Sent: Monday, February 27, 2012 10:57 AM To: Aaron Bennett Cc: openldap-technical@openldap.org Subject: Re: Mozilla NSS -- how to deploy intermediate certificate
Rich, can you give me some more direction on how to verify that the intermediate certificate is properly deployed?
On the client: certutil -d /path/to/nss-cert-db-directory -L --------------
Rich, you aren't getting what I'm asking...
If I run: "certutil -d /etc/openldap/nssdb/ -L " on the server, it works, and if I try to connect to it from the server using the ldap clients (like ldapwhomi or ldapsearch or whatever) it works.
But, the client is a different computer, in this case, a Windows 7 box running Apache Directory Studio, or an ubuntu workstation running GnuTLS, or whatever, and they don't work -- I get " TLS: peer cert untrusted or revoked (0x42)."