This is the link I followed to create the CA and sign it: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS.html#7.0

If I run a cert check from the client using the following

    openssl s_client -connect ldap-ssl.curry.edu:636 -CApath /opt/local/etc/openldap/caert.pem

I get a response.

    Verify return code: 19 (self signed certificate in certificate chain)

What else am I missing?

Thanks,
Aziz

-----Original Message-----
From: Aaron Richton [mailto:[email protected]]
Sent: Monday, October 15, 2012 12:06 PM
To: Darouichi, Aziz
Cc: [email protected]
Subject: RE: SSL/TLS issue

On Mon, 15 Oct 2012, Darouichi, Aziz wrote:

> TLS_CACERTDIR /opt/local/etc/openldap/cacert.pem

Not that I want to impose my filename conventions on you, but usually if I had a "cacert.pem" it would be a file, not a directory...and as such, it would be TLS_CACERT instead of TLS_CACERTDIR? Was this intentional? If it is a directory and you're using OpenSSL, did you remember to do the OpenSSL directory hashing magic?
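
Added example, not part of the thread: a shell sketch of the file-versus-directory distinction raised in the reply, showing that OpenSSL trusts a CA given as a file (`-CAfile`, the counterpart of `TLS_CACERT`) but trusts a directory (`-CApath`, the counterpart of `TLS_CACERTDIR`) only once it contains a subject-hash link. The throwaway CA, the temp directory and the function names `make_ca`, `trusts`, `hash_dir` and `report` are constructed for illustration and assume an `openssl` binary (1.1 or later) on the PATH.

```shell
#!/bin/sh
# Constructed demo: a throwaway self-signed CA in a temp dir (not the poster's CA).

make_ca() {    # $1 = directory that receives ca.key and cacert.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/cacert.pem" 2>/dev/null
}

# trusts MODE PATH CERT: exit 0 if CERT verifies against the trust source.
# MODE is CAfile (PATH is one PEM file) or CApath (PATH is a hashed directory).
trusts() {
    openssl verify "-$1" "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# The "directory hashing magic": OpenSSL looks up CAs in a -CApath directory
# by file name <subject-hash>.0, so each CA needs a link with that name.
hash_dir() {   # $1 = directory containing cacert.pem
    h=$(openssl x509 -hash -noout -in "$1/cacert.pem")
    ln -sf cacert.pem "$1/$h.0"
}

report() {     # print one result line for MODE PATH CERT
    if trusts "$1" "$2" "$3"; then r=OK; else r=FAIL; fi
    echo "-$1 $2 -> $r"
}

work=$(mktemp -d)
make_ca "$work"
ca="$work/cacert.pem"

report CAfile "$ca"   "$ca"   # a file passed as a file: OK
report CApath "$ca"   "$ca"   # a file passed as a directory: FAIL
report CApath "$work" "$ca"   # a directory without hash links: FAIL
hash_dir "$work"
report CApath "$work" "$ca"   # the same directory after hashing: OK
```

The same `-CAfile` and `-CApath` options are accepted by `openssl s_client`, so the check can be repeated against a live server with whichever form matches the client's ldap.conf directive.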
