Hi!

I used "openssl verify" to verify both certificates, using both -CApath and -CAfile, and both certificates were "OK". I ran those commands as "root", but I also verified that the certificate and key can be read as "ldap".

Kind regards,
Ulrich Windl

> -----Original Message-----
> From: Philip Guenther <[email protected]>
> Sent: Thursday, March 6, 2025 8:48 AM
> To: Windl, Ulrich <[email protected]>
> Cc: [email protected]; [email protected]
> Subject: [EXT] RE: Re: Getting details for "TLS trace: SSL3 alert read:fatal:unsupported certificate"
>
> On Wed, 5 Mar 2025, Windl, Ulrich wrote:
> > thanks! Actually that's what I did: Comparing the data of the certificate that worked with that which does not.
> > I could not find any relevant difference.
>
> The error being reported is from the OpenSSL library, not from OpenLDAP itself. The certs, or some CA the failing cert would chain through, are different in some way that _is_ relevant.
>
> Philip Guenther
