--On Wednesday, July 19, 2017 7:51 PM +0100 Brad braduk1973@gmail.com wrote:

Thanks for the replies Michael and Quanah, appreciated.

Here's some log output showing the content of one of the failed entries:

cACertificate;binary: 308204423082032AA00302010202010... cACertificate;binary: 3082039C30820284A00302010202010...

Looks like the repeated cACertificate attributes do actually have different values.

May depend on the verification routines for CACertificate binary data. Do the two CA's have the same subject line? I haven't dug into the code yet to see how it does the comparison for these values, so it could be way off base.

(Note: apologies for any duplicate messages, I'm having issues getting my posts to register with the mailing list)

The list is moderated. It may just take a bit for a moderator to approve.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com