Hi!

I have a related question: I replaced our certificate with a refreshed one 
(keeping the key and filename).
Does OpenLDAP cache the certificate, or does it read it anew every time it's 
needed (i.e.: do I have to restart the server?)? I'm using cn=config, just in 
case.

Kind regards,
Ulrich Windl

> -----Original Message-----
> From: [email protected] <[email protected]>
> Sent: Wednesday, May 13, 2026 7:32 PM
> To: [email protected]
> Subject: [EXT] issue with new cert (now using CN = InCommon RSA OV SSL CA
> 3)
> 
 
> At the moment, I still update LDAP certificates by hand.  All previous certs
> used "C = US, O = Internet2, CN = InCommon RSA Server CA 2" but on May
> 4th, moved to "C = US, O = "InCommon, LLC", CN = InCommon RSA OV SSL CA
> 3".  I had to generate a new cert after that date... so I added in the new CA
> certs into my CACert file on both ends.  But replication is failing with the 
> new
> cert, works fine with the old cert:
> 
>   May 13 13:26:21 HOSTNAME slapd[4076661]: slap_client_connect:
> URI=ldap://master_vip_name/ ldap_sasl_interactive_bind_s failed (-1)
>   May 13 13:26:21 HOSTNAME slapd[4076661]: do_syncrepl: rid=101 rc -1
> retrying
> 
> Tried changing tls_reqcert to never in ldap.conf and in the syncrepl and that
> didn't change anything.  If I move back to the old cert (expires tomorrow)
> replication works again so probably not a password issue.
> 
> Any suggestions for debugging this further?
> 
> thanks,
> ds

Reply via email to