Re: SSL server certificate that has an intermediary certificate in the chain



On Fri, 29 Jul 2011, Francis Swasey wrote:
> I have searched the faq-o-matic, google, the admin guide, and I cannot 
> find any documentation that will allow me to set up my OpenLDAP 2.4.25 
> server using an SSL certificate that was issued from a CA that uses 
> intermediate certificates (by which I mean to indicate any commercial 
> SSL cert company currently selling certs).
> 
> Apache has the SSLCertificateChainFile directive to handle this.  
> OpenLDAP seems to be lacking this functionality.
> 
> I have tried placing both the server certificate and the intermediate 
> certificate in the same file.  OpenLDAP won't start if I put the 
> intermediate certificate first, and openssl fails to verify the 
> certificate chain if I put the server certificate first in the file.
> 
> Have I missed something obvious or has OpenLDAP really forced me into 
> the position of needing to add the intermediate certificate from my SSL 
> CA Vendor into my trusted store on all my clients?

It's a CA cert; have you tried adding it to the file specified by the 
TLSCACertificateFile option?


Philip Guenther