ldap_start_tls: Connect error (-11)
additional info: TLS error -8172:Peer's certificate issuer
has been marked as not trusted by the user.
This means that the given cert wasn't signed by any trusted certificate.
[[Rod's comment]] Can I sign it by using the CA I downloaded from
Geotrust?
Was your LDAP SSL server cert issued by Geotrust?
If so, what's in /etc/openldap/cacerts/53515bcb.0?
Looking at the error message, which maps to SEC_ERROR_UNTRUSTED_ISSUER,
NSS either found a self-signed root that had not been marked as trusted,
or NSS found an intermediate cert that was explicitly marked as
untrusted. I don't think the RHEL 6.4 version of libpem supports marking
certs as explicitly untrusted, so I suspect that you have the Geotrust
cert loaded from somewhere, but it's not marked as trusted.
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
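
An added example, not part of the thread above: a shell function for the two questions in the reply, namely whether the file in the CA directory is the issuer of the LDAP server certificate and whether it is a self-issued root. It assumes the openssl CLI is installed and that the server certificate is available as a PEM file (both arguments are hypothetical paths); it compares names only and does not check signatures or NSS trust settings.

```shell
# Added example (not from the thread). Assumes the openssl CLI is installed.
# check_cacert CA_FILE SERVER_CERT
#   CA_FILE      a PEM file in the CA directory, such as the 53515bcb.0 file
#   SERVER_CERT  the LDAP server's certificate in PEM (hypothetical path)
# Return codes: 0 CA_FILE is a correctly named self-issued root that issued
# SERVER_CERT; 1 a file could not be parsed; 2 file name does not match the
# subject hash; 3 CA_FILE is not the issuer; 4 CA_FILE is an intermediate.
check_cacert() {
    ca=$1
    leaf=$2
    ca_subj=$(openssl x509 -noout -subject_hash -in "$ca" 2>/dev/null) || {
        echo "cannot parse $ca as a PEM certificate"; return 1; }
    ca_issr=$(openssl x509 -noout -issuer_hash -in "$ca" 2>/dev/null) || return 1
    leaf_issr=$(openssl x509 -noout -issuer_hash -in "$leaf" 2>/dev/null) || {
        echo "cannot parse $leaf as a PEM certificate"; return 1; }

    # Hash-style CA directories name each file <subject_hash>.<n>.
    case $(basename "$ca") in
        "$ca_subj".[0-9]*) ;;
        *) echo "file name does not match subject hash $ca_subj"; return 2 ;;
    esac

    # Name comparison only: the signature itself is not verified here.
    if [ "$leaf_issr" != "$ca_subj" ]; then
        echo "server cert issuer ($leaf_issr) is not this CA ($ca_subj)"
        return 3
    fi

    # An intermediate still needs its own root present and trusted.
    if [ "$ca_subj" != "$ca_issr" ]; then
        echo "intermediate CA; root $ca_issr must also be installed"
        return 4
    fi

    echo "self-issued root $ca_subj is the issuer of the server cert"
    return 0
}
```

A return of 0 while the client still fails with -8172 is consistent with the case described in the reply: the root is present but not treated as trusted.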