Re: SSL server certificate that has an intermediary certificate in the chain

[Frank Swasey <Frank.Swasey@uvm.edu>]

On 7/29/11 3:09 PM, Philip Guenther wrote:
> On Fri, 29 Jul 2011, Francis Swasey wrote:
> > I have tried placing both the server certificate and the intermediate
> > certificate in the same file.  OpenLDAP won't start if I put the
> > intermediate certificate first, and openssl fails to verify the
> > certificate chain if I put the server certificate first in the file.
> >
> > Have I missed something obvious or has OpenLDAP really forced me into
> > the position of needing to add the intermediate certificate from my SSL
> > CA Vendor into my trusted store on all my clients?
> It's a CA cert; have you tried adding it to the file specified by the
> TLSCACertificateFile option?

Well, I never looked at it that way.  Yes, adding the intermediate 
certificate to the file pointed to by the TLSCACertificateFile option on 
the OpenLDAP server appears to have worked.

Thanks,
  Frank