On Thu, 2011-12-22 at 22:54 -0500, Benjamin Reed wrote:
> This implies I guess the LDAP server isn't accepting this cert?

No, more that the client does not recognize the LDAP server's cert as trusted. It may be because the ca.crt that is downloaded has not been updated and so the client is getting the old ca.cert you had before the selfsign -> dogtag migration I helped you with some time ago.

One thing you can test is if the ca.crt exposed via http is the same that is stored on the server in /etc/ipa/ca.crt.

> Is there a log that might explain what's going on on the server side?

You can look into the dirsrv access log under /var/log/dirsrv/slapd-INSTANCE_NAME/access (the log is buffered so you may have to wait a few seconds before you see the log after the operation you want to monitor has been performed).

Simo.

--
Simo Sorce * Red Hat, Inc * New York
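
The check suggested in the message above (is the ca.crt served over HTTP the same as the one in /etc/ipa/ca.crt?), as an added example that is not part of the original message or FreeIPA's own code. It compares SHA-256 fingerprints of the decoded certificates rather than the raw files; the function names, the constructed sample data and the URL passed on the command line are assumptions.

```python
import base64
import hashlib
import re
import sys
import urllib.request

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 of the DER bytes of each certificate in a PEM file or bundle."""
    # Hashing the decoded DER ignores line wrapping and CRLF/LF differences
    # that would make a byte-for-byte diff of the two files misleading.
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def compare_ca(local_pem, served_pem):
    """Compare the CA set stored on disk with the one served over HTTP."""
    local, served = cert_fingerprints(local_pem), cert_fingerprints(served_pem)
    return {
        "match": bool(local) and local == served,  # two empty files never match
        "only_local": sorted(local - served),      # on disk, not served
        "only_served": sorted(served - local),     # served, e.g. a stale old CA
    }

def make_pem(der, width=64, newline="\n"):
    """Wrap bytes in PEM armor (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(["-----BEGIN CERTIFICATE-----", *rows,
                         "-----END CERTIFICATE-----", ""])

# Constructed sample data: arbitrary bytes standing in for real certificates.
OLD_CA = make_pem(b"constructed self-signed CA " * 8)
NEW_CA = make_pem(b"constructed dogtag CA " * 8)
NEW_CA_CRLF = make_pem(b"constructed dogtag CA " * 8, width=76, newline="\r\n")

if __name__ == "__main__":
    # Usage: script.py URL_OF_SERVED_CA_CRT (the URL is supplied by the operator)
    with open("/etc/ipa/ca.crt") as fh:
        local_pem = fh.read()
    served_pem = urllib.request.urlopen(sys.argv[1], timeout=10).read().decode()
    print(compare_ca(local_pem, served_pem))
```

A fingerprint listed under `only_served` means clients downloading the file over HTTP receive a CA that is not in the server's /etc/ipa/ca.crt, which is the stale-certificate situation described in the message.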
