Hello,

I need to publish the GeoTrust intermediate certificate; I'm using 2.4.29 built 
against Mozilla NSS.  In OpenSSL world, I'd use -- I think -- 
TLSCACertificateFile /path/to/CA-certificates.  Here's what I've tried:

Download GeoTrust cert from
https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422
; save as intermediate.crt

Import with:

# certutil -d /etc/openldap/nssdb/ -A -t ",," -n geotrust-intermediate -i intermediate.crt

Certutil -L now shows:

# certutil -d /etc/openldap/nssdb/ -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

geotrust-intermediate                                        ,,
ds.clarku.edu                                                Pu,Pu,Pu


cn=config looks like this:

olcTLSCACertificateFile: geotrust-intermediate
olcTLSCACertificatePath: /etc/openldap/nssdb
olcTLSCertificateFile: ds.clarku.edu

But still clients cannot verify the cert.

Any Mozilla NSS gurus know what I'm doing wrong?

Thanks,

Aaron
