ldapsearch doesn't seem to have any issues. I went from master to consumer, consumer to master, and consumer to consumer. Returns data. Here's the TLS lines from debugging:
TLS trace: SSL_connect:before SSL initialization TLS trace: SSL_connect:SSLv3/TLS write client hello TLS trace: SSL_connect:SSLv3/TLS write client hello TLS trace: SSL_connect:SSLv3/TLS read server hello TLS trace: SSL_connect:TLSv1.3 read encrypted extensions TLS trace: SSL_connect:SSLv3/TLS read server certificate request TLS certificate verification: depth: 3, err: 0, subject: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority, issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority TLS certificate verification: depth: 2, err: 0, subject: /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46, issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority TLS certificate verification: depth: 1, err: 0, subject: /C=US/O=InCommon, LLC/CN=InCommon RSA OV SSL CA 3, issuer: /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46 TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=New Jersey/O=Rutgers, The State University of New Jersey/CN=idm-ldap-abusec101-prod-asb.ei.rutgers.edu, issuer: /C=US/O=InCommon, LLC/CN=InCommon RSA OV SSL CA 3 TLS trace: SSL_connect:SSLv3/TLS read server certificate TLS trace: SSL_connect:TLSv1.3 read server certificate verify TLS trace: SSL_connect:SSLv3/TLS read finished TLS trace: SSL_connect:SSLv3/TLS write change cipher spec TLS trace: SSL_connect:SSLv3/TLS write client certificate TLS trace: SSL_connect:SSLv3/TLS write finished TLS trace: SSL_connect:SSL negotiation finished successfully TLS trace: SSL_connect:SSL negotiation finished successfully TLS trace: SSL_connect:SSLv3/TLS read server session ticket TLS trace: SSL_connect:SSL negotiation finished successfully TLS trace: SSL_connect:SSL negotiation finished successfully TLS trace: SSL_connect:SSLv3/TLS read server session ticket TLS trace: SSL3 alert write:warning:close notify Nothing odd in the rest of the output. The only thing that is failing is replication. Also, tls_reqcert settings are similar, either demand or try in both slapd.conf and ldap.conf. -ds
