Re: TLS verify errors
Failure on just CAcert could be ownership/permission problems (file vs app). If
there is more than one CA in the "certificate chain", then a single CAcert might
not succeed. If OS X has "ktrace" (or equivalent), it might help to identify
what is being looked for when a single CAcert directive is used.

Quanah Gibson-Mount wrote:
> --On Thursday, August 16, 2007 2:42 PM +0200 Hallvard B Furuseth
> <h.b.furuseth@usit.uio.no> wrote:
>
>> Quanah Gibson-Mount writes:
>>> TLS_CACERT /opt/zimbra/conf/ca/ca.pem
>>> (...)
>>> If I change it to TLS_CACERTDIR and adjust to a path, (...)
>>
>> If I remember correctly TLS_CACERTDIR needs to be set up with some
>> OpenSSL magic, it's not just a directory into which you can drop
>> certificate files. Maybe the reverse is true as well, and a cert
>> from a TLS_CACERTDIR does not work in TLS_CACERT.
>
>
> Thank you both for your responses. Interestingly enough, slapd will
> start, and STARTTLS will work, if I create the hash and use TLSCACERTDIR.
>
> However, why won't it work if I use TLS_CACERT <file>? It should be
> perfectly valid, and that actually works for me on every other platform
> I use (Linux). The only one where this doesn't work is on Mac OS X.
> Must be a Mac specific bug I guess.
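
Two points from this thread can be reproduced with the `openssl` command line: a lone CA file fails when the chain has more than one CA, and a CA directory only works once each certificate is named by its subject hash. The script below is an added example, not part of the original messages. It assumes an OpenSSL-based verifier, and every subject, file name and directory in it is constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# Subjects, file names and directories are made up for this example.

new_csr() {   # $1 = file prefix, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {   # $1 = empty working directory
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d/root" "Demo Root CA" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    new_csr "$d/int" "Demo Intermediate CA" &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    new_csr "$d/srv" "ldap.example.test" &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null &&
    cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem" &&
    mkdir "$d/plain" "$d/hashed" &&
    cp "$d/root.pem" "$d/int.pem" "$d/plain/" &&
    for c in root int; do   # what c_rehash does: name each CA <subject-hash>.0
        cp "$d/$c.pem" "$d/hashed/$(openssl x509 -hash -noout -in "$d/$c.pem").0" || return 1
    done
}

verifies() {   # verifies <-CAfile|-CApath> <location> <cert>; true if the chain builds
    openssl verify "$1" "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

demo() {
    w=$(mktemp -d) && make_chain "$w" || return 1
    for t in "-CAfile $w/int.pem" "-CAfile $w/bundle.pem" \
             "-CApath $w/plain" "-CApath $w/hashed"; do
        set -- $t
        if verifies "$1" "$2" "$w/srv.pem"; then r=OK; else r=FAIL; fi
        echo "$1 ${2##*/}: $r"
    done
    rm -rf "$w"
}
demo
```

Only the bundle containing both CAs and the hashed directory verify; the intermediate-only file and the directory of plainly named PEM files do not.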