[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Server Certificate Chain

Read the Admin Guide, section

Krasimir Ganchev wrote:
Hello guys,

I am using a globally recognized certificate with my openldap server which is issued by a Child CA trusted by the Root CA of my certificate provider. Is there any possible way to include the Child CA certificate within the server certificate chain?

The thing is that I have couple of windows based clients using my openldap server and I can't make them verify the server certificate. The Root CA is included in the trusted Root CAs Windows store, but since the Child CA ain't there and doesn't appear in the certificate chain the clients could not verify the server certificate and give up with an error unless they are being configured to ignore errors.

That's the reason why I would like to include the Child CA /Signing CA/ certificate within the server certificate chain which will allow those clients to confirm server's certificate and its signing CA certificate against the trusted root CA.

Is there any possible way to achieve that and is it up to configuration?

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/