
Re: (ITS#5993) slapo-chain TLS issues



duramaxlb7@gmail.com wrote:
> Master log file when slapo-chain runs
> ---------------
> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca.
>
> Slave log file when slapo-chain runs
> -----------------
> TLS: can't connect: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.

To me both messages look like the trusted CA cert (directory) is not
properly configured.

> I had the same problem with LUMA and that problem went away when I put the
> starttls=critical in the chain-idassert-bind

Hmm, are you sure you didn't add "tls_cacertdir=/etc/openldap/cacerts"
to chain-idassert-bind at the same time when testing?

Ciao, Michael.