Hello:
I am trying to get TLS working on openldap-2.3.20. When I initiate a search, the debug info at the server indicates "unknown_ca". According to RFC 2246, this means that the "CA certificate could not be located or couldn't be matched with a known, trusted CA". My question: Isn't the slapd.conf "TLSCACertificateFile" directive what tells slapd which CA to trust? If so, why isn't it working?
See the Admin Guide http://www.openldap.org/doc/admin23/tls.html
You need to configure the client.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/
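Added example, not part of the original messages: slapd's `TLSCACertificateFile` only configures the server side, while an LDAP client built on libldap takes its trusted CA from its own `ldap.conf` options `TLS_CACERT` / `TLS_CACERTDIR` (or the `LDAPTLS_CACERT` environment variable). The shell function below, a hypothetical helper named `check_client_ca`, reports whether a given client config supplies a usable CA source; all paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): check that a libldap client config
# names a CA the client can use to verify the server certificate.
# Usage: check_client_ca /path/to/ldap.conf   (location varies by build)
# Prints one status line; returns 0 if a usable CA source is configured.
check_client_ca() {
    conf=$1

    # Environment form of the option; it overrides the file-based default.
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        if [ -r "$LDAPTLS_CACERT" ]; then
            echo "ok: env LDAPTLS_CACERT $LDAPTLS_CACERT"; return 0
        fi
        echo "bad: env LDAPTLS_CACERT not readable: $LDAPTLS_CACERT"; return 1
    fi

    [ -r "$conf" ] || { echo "bad: cannot read $conf"; return 1; }

    # Option names are case-insensitive; '#' comment lines never match.
    # Simplification: paths containing whitespace are not handled.
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {v=$2} END {print v}' "$conf")
    cadir=$(awk 'toupper($1)=="TLS_CACERTDIR" {v=$2} END {print v}' "$conf")

    if [ -n "$cacert" ]; then
        if [ -r "$cacert" ]; then
            echo "ok: TLS_CACERT $cacert"; return 0
        fi
        echo "bad: TLS_CACERT file not readable: $cacert"; return 1
    fi
    if [ -n "$cadir" ]; then
        if [ -d "$cadir" ]; then
            echo "ok: TLS_CACERTDIR $cadir"; return 0
        fi
        echo "bad: TLS_CACERTDIR is not a directory: $cadir"; return 1
    fi

    echo "bad: no TLS_CACERT or TLS_CACERTDIR in $conf"
    return 1
}
```

A "bad" result means the client has no CA against which to validate the server's certificate, independent of what slapd.conf contains.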