-----Original Message-----
From: Rich Megginson [mailto:rich.megginson@gmail.com]
Sent: Monday, February 27, 2012 10:57 AM
To: Aaron Bennett
Cc: openldap-technical@openldap.org
Subject: Re: Mozilla NSS -- how to deploy intermediate certificate
Rich, can you give me some more direction on how to verify that the intermediate certificate is properly deployed?
On the client:
certutil -d /path/to/nss-cert-db-directory -L
--------------
Rich, you aren't getting what I'm asking...
If I run: "certutil -d /etc/openldap/nssdb/ -L " on the server, it works, and if I try to connect to it from the server using the ldap clients (like ldapwhomi or ldapsearch or whatever) it works.
But, the client is a different computer, in this case, a Windows 7 box running Apache Directory Studio, or an ubuntu workstation running GnuTLS, or whatever, and they don't work -- I get " TLS: peer cert untrusted or revoked (0x42)."