--On Wednesday, January 29, 2025 1:40 PM +0000 BECOT Jérôme <[email protected]> wrote:
Sorry for the delay I'm quite buisy. Do you still have the same messages in the logs ? On both backend and proxy side. You may want to remove tls_cacertdir=/etc/ssl/certs from idassert-bind config because it uses tls_cacert. Can you give both backend and proxy logs when you're trying to connect via the proxy ?
Either option is valid. One accepts any cert in the listed directory, the other takes a reference to a specific file. From the man page:
[tls_cacert=<file>] [tls_cacertdir=<path>] --Quanah
