Did you check with openssll s_client ? Just try openssl s_client -connect hostname:port -showcerts -CAfile < CAceritificate> Regards Arava
On Thu, Apr 8, 2010 at 7:25 PM, Götz Reinicke - IT Koordinator < goetz.reini...@filmakademie.de> wrote: > Hallo and one more thing, > > recently I started to set up a master/slave OpenLDAP system with > tls/certs. (Red Hat 5.x, openssl-0.9.8e-12, openldap-2.3.43-3 ) > > For that pourpose I set up a CA, generated certs, requests and keys, > installed tham on the corresponding servers and my OS X client and my > ldapservers communicate nearly as I expected. > > So dose my local ldap client (Apache Directory Studio (ADS) on mac OS X > 10.6.x ). > > Nearly, because the servers and the ADS client both alert me, that I use > invalide certificates and the cerificate can't be validated. > > But I have e.g. on the Mac imported my ca cert in the Macs keychain > (once for sytem resp. for login) and the use for everything (ssl, IPsec, > X.509, ...) is set to trust. > > May be I did something wrong or what may I check and how? > > Thanks a lot and best regards, > > Götz > -- > Götz Reinicke > IT-Koordinator > > Tel. +49 7141 969 420 > Fax +49 7141 969 55 420 > E-Mail goetz.reini...@filmakademie.de > > Filmakademie Baden-Württemberg GmbH > Akademiehof 10 > 71638 Ludwigsburg > www.filmakademie.de > > Eintragung Amtsgericht Stuttgart HRB 205016 > Vorsitzende des Aufsichtsrats: > Prof. Dr. Claudia Hübner > > Geschäftsführer: > Prof. Thomas Schadt > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
