>>> Nat Sincheler <[email protected]> wrote on 25.07.2016 at 19:06 in message <[email protected]>:
> We have an OpenLDAP server that is listening on port 636 over ldaps.
> When I run
>
> openssl s_client -showcerts -connect ldap-server:636
>
> I only see the host certificate. The intermediate and root certificates
> do *not* come through.

If I do that on one of our servers, I get:

Root CA
Intermediate CA
Server Certificate
...
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit

> For this server I have in the file slapd.d/cn=config.ldif the setting
>
> olcTLSCACertificatePath: /etc/ssl/certs

Hi!

Here it works with these settings:

olcTLSCACertificatePath: /etc/ssl/certs
olcTLSCertificateFile: /etc/ssl/servercerts/slapd.pem
olcTLSCertificateKeyFile: /etc/ssl/private/slapd.key

Could it be a permissions problem? Did you try to check the certificate chain with openssl (preferably as LDAP user)?

Regards,
Ulrich

> I checked and all the intermediate and root certificates are in
> /etc/ssl/certs soft-linked via the usual OpenSSL rehash hash, e.g.,
>
> lrwxrwxrwx 1 root root 42 Jul 14 19:03 b4261fc2.0 -> /etc/ssl/certs/incommon-usertrust-2024.pem
>
> Any idea why the intermediate and root certificates do not get sent to
> the LDAPS client? Is there something in the LDAP log that might give me
> a clue as to what is going on?
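An added check, not part of the thread, for the comparison Ulrich suggests: pipe the output of `openssl s_client -showcerts -connect ldap-server:636` into this shell function and it lists every certificate the server presented (depth, subject, issuer) and says whether the served chain is contiguous up to a self-signed root or stops at the leaf, which is what the original poster sees. The two `s_client` transcripts embedded below are constructed, with hypothetical CA names.

```shell
#!/bin/sh
# Parse `openssl s_client -showcerts` output on stdin and judge the served chain.
# s_client prints, per certificate:  " 0 s:<subject>"  followed by  "   i:<issuer>"
# (both the old "/CN=..." and the newer "CN = ..." name formats match).
check_served_chain() {
    awk '
        /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
        /^ *i:/        { sub(/^ *i:/, "");           iss[n]  = $0; next }
        END {
            if (n == 0) { print "no certificates found in input"; exit 2 }
            for (k = 1; k <= n; k++)
                printf "depth %d  subject=%s  issuer=%s\n", k - 1, subj[k], iss[k]
            ok = 1
            # each issuer must be the subject of the next certificate up
            for (k = 1; k < n; k++)
                if (iss[k] != subj[k + 1]) {
                    printf "gap: cert %d issuer != cert %d subject\n", k - 1, k; ok = 0
                }
            # a chain that ends before a self-signed root is incomplete
            if (iss[n] != subj[n]) {
                printf "chain ends at depth %d without reaching a self-signed root\n", n - 1; ok = 0
            }
            print (ok ? "chain is contiguous" : "chain is incomplete")
            exit (ok ? 0 : 1)
        }'
}

# Constructed transcript: server sends only its own certificate (the reported symptom).
SAMPLE_LEAF_ONLY='Certificate chain
 0 s:/CN=ldap-server.example.test
   i:/CN=Example Intermediate CA
---'

# Constructed transcript: server sends leaf, intermediate and root.
SAMPLE_FULL='Certificate chain
 0 s:/CN=ldap-server.example.test
   i:/CN=Example Intermediate CA
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
 2 s:/CN=Example Root CA
   i:/CN=Example Root CA
---'

# Live use:  openssl s_client -showcerts -connect ldap-server:636 </dev/null | check_served_chain
printf '%s\n' "$SAMPLE_FULL" | check_served_chain
printf '%s\n' "$SAMPLE_LEAF_ONLY" | check_served_chain || echo "exit status $? (leaf-only chain)"
```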
