On Fri, 29 Jul 2011, Francis Swasey wrote:
> I have searched the faq-o-matic, google, the admin guide, and I cannot
> find any documentation that will allow me to set up my OpenLDAP 2.4.25
> server using an SSL certificate that was issued from a CA that uses
> intermediate certificates (by which I mean to indicate any commercial
> SSL cert company currently selling certs).
>
> Apache has the SSLCertificateChainFile directive to handle this.
> OpenLDAP seems to be lacking this functionality.
>
> I have tried placing both the server certificate and the intermediate
> certificate in the same file. OpenLDAP won't start if I put the
> intermediate certificate first, and openssl fails to verify the
> certificate chain if I put the server certificate first in the file.
>
> Have I missed something obvious or has OpenLDAP really forced me into
> the position of needing to add the intermediate certificate from my SSL
> CA Vendor into my trusted store on all my clients?

It's a CA cert; have you tried adding it to the file specified by the
TLSCACertificateFile option?

Philip Guenther
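
A pre-deployment check for the suggestion above, as an added example that is not part of the original thread. It builds a constructed root, intermediate and server certificate with the openssl CLI, then shows that verification fails against the root alone and succeeds once the intermediate is available, either inside the CA bundle (the kind of file TLSCACertificateFile names) or as an untrusted chain certificate presented to a client that trusts only the root. All subjects, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed three-tier PKI (root -> intermediate -> server).
# Every subject, path and function name below is made up for the demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Issuing certificates need basicConstraints CA:TRUE to be accepted as CAs.
printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"

# new_csr NAME CN: write NAME.key and NAME.csr into $WORK.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

build_pki() {
    new_csr root "Constructed Root CA" &&
    openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
        -extfile "$WORK/ca.ext" -days 2 -out "$WORK/root.pem" 2>/dev/null &&
    new_csr int "Constructed Intermediate CA" &&
    openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.pem" \
        -CAkey "$WORK/root.key" -CAcreateserial -extfile "$WORK/ca.ext" \
        -days 2 -out "$WORK/int.pem" 2>/dev/null &&
    new_csr srv "ldap.example.test" &&
    openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/int.pem" \
        -CAkey "$WORK/int.key" -CAcreateserial -days 2 \
        -out "$WORK/srv.pem" 2>/dev/null &&
    # Candidate CA file for the server: intermediate and root appended.
    cat "$WORK/int.pem" "$WORK/root.pem" > "$WORK/ca-bundle.pem"
}

# chain_ok CAFILE LEAF: succeeds only if LEAF chains to certs in CAFILE.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# client_ok ROOT SENT LEAF: client trusts ROOT only; SENT is the
# intermediate delivered alongside LEAF and is not trusted by itself.
client_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1; }

build_pki || { echo "PKI setup failed" >&2; exit 1; }
chain_ok "$WORK/root.pem" "$WORK/srv.pem" \
    && echo "root only: OK" || echo "root only: FAIL (issuer missing)"
chain_ok "$WORK/ca-bundle.pem" "$WORK/srv.pem" \
    && echo "bundle with intermediate: OK" || echo "bundle: FAIL"
client_ok "$WORK/root.pem" "$WORK/int.pem" "$WORK/srv.pem" \
    && echo "client, root trusted + intermediate sent: OK" || echo "client: FAIL"
```

Against a running server, `openssl s_client -connect HOST:636 -showcerts` (HOST being your own server) lists the certificates actually sent, which is the direct way to confirm the intermediate is being delivered.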
