Yes, I double checked ldap.conf and it's pointing to cacert.pem directive.

BASE dc=curry,dc=edu
URI ldaps://ldap-ssl.curry.edu
TLS_REQCERT allow
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_CACERTDIR /opt/local/etc/openldap/cacert.pem

Thanks

-----Original Message-----
From: Aaron Richton [mailto:[email protected]]
Sent: Monday, October 15, 2012 11:45 AM
To: Darouichi, Aziz
Cc: [email protected]
Subject: Re: SSL/TLS issue

On Mon, 15 Oct 2012, Darouichi, Aziz wrote:

> TLS trace: SSL3 alert write:fatal:unknown CA

Did you (try to) configure the CA on your client (i.e. in ldap.conf or similar)? For example, a "TLS_CACERT" or "TLS_CACERTDIR" directive that points to the appropriate CA certificate. See also ldap.conf(5) man page.
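Added example, not part of the original thread or of OpenLDAP: a small Python check that reads ldap.conf text and reports when TLS_CACERT does not name a regular file, when TLS_CACERTDIR does not name a directory (the path types ldap.conf(5) documents for each), and when TLS_REQCERT is set to a level that does not reject a bad server certificate. The function names, the sample host ldap.example.com and the temporary file are constructed for illustration.

```python
import os
import tempfile

# Path type each CA directive expects, per ldap.conf(5).
EXPECTED = {"TLS_CACERT": "file", "TLS_CACERTDIR": "dir"}
# TLS_REQCERT levels under which a bad server certificate does not end the session.
WEAK_REQCERT = {"never", "allow"}


def parse_ldap_conf(text):
    """Return [(OPTION, value)]; skips blanks and '#' comments, upper-cases names."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            pairs.append((parts[0].upper(), parts[1].strip()))
    return pairs


def check_tls_settings(text):
    """Return a list of findings for the TLS directives in ldap.conf text."""
    findings = []
    for key, value in parse_ldap_conf(text):
        want = EXPECTED.get(key)
        if want == "file" and not os.path.isfile(value):
            findings.append(f"{key}: {value} is not a regular file")
        elif want == "dir" and not os.path.isdir(value):
            findings.append(f"{key}: {value} is not a directory")
        elif key == "TLS_REQCERT" and value.lower() in WEAK_REQCERT:
            findings.append(f"TLS_REQCERT {value}: bad server certificate is not rejected")
    return findings


def demo():
    """Run the check on two constructed configs that share one placeholder PEM path."""
    with tempfile.TemporaryDirectory() as d:
        pem = os.path.join(d, "cacert.pem")
        with open(pem, "w") as fh:
            fh.write("constructed placeholder, not a real certificate\n")
        mismatched = f"URI ldaps://ldap.example.com\nTLS_REQCERT allow\nTLS_CACERTDIR {pem}\n"
        consistent = f"URI ldaps://ldap.example.com\nTLS_REQCERT demand\nTLS_CACERT {pem}\n"
        return check_tls_settings(mismatched), check_tls_settings(consistent)


if __name__ == "__main__":
    for result in demo():
        print(result)
```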
