[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSL server certificate that has an intermediary certificate in the chain



I have searched the faq-o-matic, google, the admin guide, and I cannot find any documentation
that will allow me to set up my OpenLDAP 2.4.25 server using an SSL certificate that was issued
from a CA that uses intermediate certificates (by, which I mean to indicate any commercial SSL
cert company currently selling certs).

Apache has the SSLCertificateChainFile directive to handle this.   OpenLDAP seems to be lacking
this functionality.

I have tried placing both the server certificate and the intermediate certificate in the same
file.  OpenLDAP won't start if I put the intermediate certificate first, and openssl fails to
verify the certificate chain if I put the server certificate first in the file.

Have I missed something obvious or has OpenLDAP really forced me into the position of needing
to add the intermediate certificate from my SSL CA Vendor into my trusted store on all my clients?

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)


Attachment: signature.asc
Description: OpenPGP digital signature