Re: (ITS#5997) slapo-chain TLS issues
I take this ITS number since it seems you filed the same issue four
times. AFAICS the others (ITS#5993, ITS#5995 and ITS#5996) should be
ignored by everyone responding.
> Master log file when slapo-chain runs
> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca.
> Slave log file when slapo-chain runs
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
To me both messages look like the trusted CA cert (directory) is not
> I had the same problem with LUMA and that problem went away when I put the
> starttls=critical in the chain-idassert-bind
Hmm, are you sure you didn't add "tls_cacertdir=/etc/openldap/cacerts"
to chain-idassert-bind at the same time when testing?