--On Tuesday, August 08, 2006 10:28 PM -0600 "Berg, Michael" <[EMAIL PROTECTED]> wrote:

Does it work if you use "-h localhost" (similar to what you were doing
with the openssl command)?

Generally, you must provide the fully qualified domain name to the "-h"
parameter for SSL/TLS to work.

For example, "-h ldap" doesn't work for me, but "-h ldap.stanford.edu"
does.

My FQDN is "server.misumasu.dyndns.org", which also has a CNAME of
"ldap.misumasu.dyndns.org" (this CNAME is what the SSL cert is issued to).

Okay, hm.  Can you try this, preferably with daemontools:

/usr/bin/setuidgid openldap /bin/cat </path/to/certs/certfiles>

for every cert you believe the server should be able to read. It really seems like the "openldap" user/group doesn't have permission to something that it should.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
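
An added example, not part of the original message: a Python version of the same permission check that reports which path component stops an account such as "openldap" from reading a certificate file. It evaluates classic mode bits only, and the function names and command-line usage are this example's own.

```python
import os
import stat


def allowed(st, uid, gids, want):
    """Classic Unix mode check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # simplification: root passes read/search checks
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)


def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return (component, reason) for the first obstacle to reading path, else None.

    Mode bits only: POSIX ACLs, AppArmor/SELinux and the parent directories
    of symlink targets are not evaluated.
    """
    path = os.path.abspath(path)
    chain = []
    d = os.path.dirname(path)
    while d not in chain:          # collect every ancestor up to "/"
        chain.append(d)
        d = os.path.dirname(d)
    for d in reversed(chain):      # walk from "/" down, as path lookup does
        if not allowed(stat_fn(d), uid, gids, 0o1):
            return d, "directory lacks search (x) permission"
    st = stat_fn(path)
    if not stat.S_ISREG(st.st_mode):
        return path, "not a regular file"
    if not allowed(st, uid, gids, 0o4):
        return path, "file lacks read (r) permission"
    return None


if __name__ == "__main__":
    import grp, pwd, sys
    user = pwd.getpwnam(sys.argv[1])          # account name, e.g. openldap
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem}
    for cert in sys.argv[2:]:                 # every cert/key file the server must read
        print(cert, first_blocker(cert, user.pw_uid, gids) or "readable")
```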

