Re: Server Certificate Chain

[Howard Chu <hyc@symas.com>]

Read the Admin Guide, section 12.2.1.1.

Krasimir Ganchev wrote:
> Hello guys,
>
>  
>
> I am using a globally recognized certificate with my openldap server 
> which is issued by a Child CA trusted by the Root CA of my certificate 
> provider. Is there any possible way to include the Child CA certificate 
> within the server certificate chain?
>
>  
>
> The thing is that I have couple of windows based clients using my 
> openldap server and I can't make them verify the server certificate. The 
> Root CA is included in the trusted Root CAs Windows store, but since the 
> Child CA ain't there and doesn't appear in the certificate chain the 
> clients could not verify the server certificate and give up with an 
> error unless they are being configured to ignore errors.
>
>  
>
> That's the reason why I would like to include the Child CA /Signing CA/ 
> certificate within the server certificate chain which will allow those 
> clients to confirm server's certificate and its signing CA certificate 
> against the trusted root CA.
>
>  
>
> Is there any possible way to achieve that and is it up to configuration?


--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/