[Date Prev][Date Next]
Re: (ITS#5993) slapo-chain TLS issues
> Master log file when slapo-chain runs
> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca.
> Slave log file when slapo-chain runs
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
To me both messages look like the trusted CA cert (directory) is not
> I had the same problem with LUMA and that problem went away when I put the
> starttls=critical in the chain-idassert-bind
Hmm, are you sure you didn't add "tls_cacertdir=/etc/openldap/cacerts"
to chain-idassert-bind at the same time when testing?