[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS CA Chain Problem

To: openldap-technical@openldap.org
Subject: Re: TLS CA Chain Problem
From: Iruwen <iruwen@gmx.net>
Date: Tue, 13 Oct 2009 09:06:48 +0200
In-reply-to: <4AD3997A.3060302@symas.com>
References: <4AD328DE.1040704@gmx.net> <4ABAC4B5D3DE72EE651103C3@[192.168.1.199]> <C39BDC1D33C64045C039F0D4@[192.168.1.199]> <4AD39334.6070404@gmx.net> <4B3DD632BC67DF247BBD7BFE@[192.168.1.199]> <4AD3997A.3060302@symas.com>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Howard Chu schrieb:

Quanah Gibson-Mount wrote:
--On Monday, October 12, 2009 10:36 PM +0200 Iruwen<iruwen@gmx.net>wrote:
---
Certificate chain
  0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=mydomain.de
    i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA
Limited/CN=PositiveSSL CA

I don't get it :(
Comodo's cert is signed by someone else, you have to add that issuerto the
CA chain.  And it changes periodically too, in my experience from using
their certs. So you need to examine their CA cert, and find whosigned it,
and then add that to the chain.

For example, the one I was using at one time, was signed by the GTE
CyberTrust CA, so I needed to have that cert in the chain in addition to
comodo's.
Judging from his debug output, that's not the issue here. The firstquestion you should have asked is - what OS, OpenLDAP version, and TLSlibrary?


I'm sorry: Debian 5.0 (lenny), OpenLDAP 2.4.11-1, GNU TLS 2.4.2-6.

References:
- TLS CA Chain Problem
  - From: Iruwen <iruwen@gmx.net>
- Re: TLS CA Chain Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS CA Chain Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS CA Chain Problem
  - From: Iruwen <iruwen@gmx.net>
- Re: TLS CA Chain Problem
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: TLS CA Chain Problem
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: TLS CA Chain Problem
Next by Date: Re: TLS CA Chain Problem
Index(es):
- Chronological
- Thread