[Date Prev][Date Next]
Re: Server Certificate Chain
Read the Admin Guide, section 220.127.116.11.
Krasimir Ganchev wrote:
I am using a globally recognized certificate with my openldap server
which is issued by a Child CA trusted by the Root CA of my certificate
provider. Is there any possible way to include the Child CA certificate
within the server certificate chain?
The thing is that I have couple of windows based clients using my
openldap server and I can't make them verify the server certificate. The
Root CA is included in the trusted Root CAs Windows store, but since the
Child CA ain't there and doesn't appear in the certificate chain the
clients could not verify the server certificate and give up with an
error unless they are being configured to ignore errors.
That's the reason why I would like to include the Child CA /Signing CA/
certificate within the server certificate chain which will allow those
clients to confirm server's certificate and its signing CA certificate
against the trusted root CA.
Is there any possible way to achieve that and is it up to configuration?
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/