Am 09.02.2017 um 20:54 schrieb Quanah Gibson-Mount: > Please see the slapd.conf(5) or slapd.conf(5) man pages, which clearly state: > > TLSCACertificateFile <filename> > Specifies the file that contains certificates for all of the > Certificate Authorities that slapd will recognize. > > Note "That *slapd* will recognize". The server cannot and will not provide > the cert chains to clients as that is a massive security risk. Clients can > and must be configured with the list of CAs *they* will trust when the server > provides the cert. that's not the issue. A TLS server sent it's certificate and all intermediates EXCLUDING the self signed root to the client. This is not true for my setup and I don't know why: misconfiguration or wrong ssl implementation.
Andreas
