Intermediate certificates not being sent
- To: openldap-technical@openldap.org
- Subject: Intermediate certificates not being sent
- From: Nat Sincheler <fai1107@macrotex.net>
- Date: Mon, 25 Jul 2016 10:06:23 -0700
- User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
We have an OpenLDAP server that is listening on port 636 over ldaps.
When I run
openssl s_client -showcerts -connect ldap-server:636
I only see the host certificate. The intermediate and root certificates
do *not* come through.
For this server I have in the file slapd.d/cn=config.ldif the setting
olcTLSCACertificatePath: /etc/ssl/certs
I checked and all the intermediate and root certificates are in
/etc/ssl/certs soft-linked via the usual OpenSSL rehash hash, e.g.,
lrwxrwxrwx 1 root root 42 Jul 14 19:03 b4261fc2.0 -> /etc/ssl/certs/incommon-usertrust-2024.pem
Any idea why the intermediate and root certificates do not get sent to
the LDAPS client? Is there something in the LDAP log that might give me
a clue as to what is going on?
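
An added example, not part of the original post: a shell helper that reads `openssl s_client -showcerts` output and reports how many certificates the server actually presented and how far the chain reaches. The function names, the status labels and the sample output (including the "Example ..." CA names) are constructed for illustration.

```shell
# Emit "index<TAB>subject<TAB>issuer" for each certificate in the "Certificate chain" section.
parse_chain() {
  awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }
    in_chain && /^ *[0-9]+ s:/ { idx = $1; sub(/^ *[0-9]+ s:/, ""); subj = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); printf "%s\t%s\t%s\n", idx, subj, $0 }
  '
}

# Report the number of certificates sent and whether the chain stops at the leaf.
classify_chain() {
  parse_chain | awk -F '\t' '
    { n++; subj = $2; iss = $3 }   # after the loop these hold the last certificate sent
    END {
      if (n == 0)           status = "none"
      else if (subj == iss) status = "to-root"        # last cert is self-signed
      else if (n == 1)      status = "leaf-only"      # the symptom described in the post
      else                  status = "intermediates"  # leaf plus at least one CA cert
      printf "sent=%d status=%s\n", n, status
    }
  '
}

# Constructed sample: only the host certificate is presented.
sample_leaf_only() {
  cat <<'EOF'
Certificate chain
 0 s:/CN=ldap-server
   i:/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
EOF
}

# Constructed sample: host certificate followed by its issuing intermediate.
sample_with_intermediate() {
  cat <<'EOF'
Certificate chain
 0 s:/CN=ldap-server
   i:/CN=Example Intermediate CA
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
---
EOF
}
sample_leaf_only | classify_chain
sample_with_intermediate | classify_chain
```

Against a live server, pipe the command from the post into it: `openssl s_client -showcerts -connect ldap-server:636 </dev/null | classify_chain`.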