[Date Prev][Date Next]
Re: CA and Intermediate Certificates
Chris Jacobs wrote:
Put your intermediate cert and CA cert in the TLSCACertificateFile specified by your slapd.conf (or olsTLSCA... if using slapd.d).
And the server will include the chain correctly automagically. :)
openssl s_client -connect [host]:636 -showcerts </dev/null
From that, you should see the chain.
FWIW: I looked at the later mentioned FMs and Admin Guide and none seem
include the word 'chain' (except for chaining - a different topic), which is
how I would look to see how to configure or verify the server will include the
chain. The issue of chains is either not addressed or talked about in a way
that isn't obvious or simply hard to find.
220.127.116.11 is pretty explicit.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/