I believe your client has to know about your CA. Try adding (instead of "TLS_REQCERT allow"):

TLS_CACERT /path/to/cacert/cacert.pem

On Thu, 2003-06-26 at 13:03, Lawrence, Mike (White Plains) wrote:
> ldap_bind: Can't contact LDAP server (81)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
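The following is an added example, not part of the original message: it reproduces the "certificate verify failed" condition with `openssl verify` standing in for the check the LDAP client's TLS library performs, and shows the same server certificate being accepted once the verifier is pointed at the issuing CA. The CA, the host name `ldap.example.test` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: a private CA and one server certificate signed by it.
# Subjects and file names are made up; nothing here touches a real LDAP server.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Private CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$dir/server.csr" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null
}

# Client that has never been told about the private CA (default trust store only).
verify_without_ca() {
    openssl verify "$1/server.pem" >/dev/null 2>&1
}

# Client that trusts the private CA, the role TLS_CACERT plays in ldap.conf.
verify_with_ca() {
    openssl verify -CAfile "$1/cacert.pem" "$1/server.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    if verify_without_ca "$d"; then r1=trusted; else r1=rejected; fi
    if verify_with_ca "$d"; then r2=trusted; else r2=rejected; fi
    rm -rf "$d"
    echo "without CA: $r1, with CA: $r2"
}

demo
```

Verification stays enforced in both runs; the only thing that changes is whether the issuing CA is in the client's trust set.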