--- Richard Megginson <rmeggins(a)redhat.com> wrote:
> The SSL client (in this case, the replication supplier) still needs
> to verify the SSL server (in this case, the replication consumer)
> certificate in order for SSL to work. It should be sufficient for the
> supplier to have the certificate of the CA that issued the consumer's
> certificate in its cert db.

I understand. Where is the cert db? Is that controlled by /etc/openldap/ldap.conf?
I took *.db from the consumer's /opt/fedora-ds/alias, copied them over to the location
TLS_CACERTDIR (/etc/openldap/cacerts) and still got the same error.
On the supplier:
[root@cnyldap01 cacerts]# ll
-rw------- 1 root root 65536 Jan 18 13:48 slapd-cnjldap01-cert8.db
-rw------- 1 root root 16384 Jan 18 13:48 slapd-cnjldap01-key3.db
On the consumer (cnjldap01) still:
[18/Jan/2006:13:50:21 -0500] conn=22 fd=65 slot=65 SSL connection from 220.127.116.11 to
[18/Jan/2006:13:50:21 -0500] conn=22 op=-1 fd=65 closed - SSL peer cannot verify your
What am I doing wrong?
Thank you for your help...
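
An added example, not part of the original message and not Fedora DS code: the consumer's access log records "SSL peer cannot verify your" when the connecting SSL client (here the supplier) does not accept the consumer's certificate, so pairing each such close with the "SSL connection from" line of the same conn number shows which clients still lack the issuing CA. The sample lines, their addresses and everything after the text truncated in the message are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log layout quoted in the message.
# Addresses are RFC 5737 documentation ranges; the line endings that are
# truncated in the message ("... to", "... verify your") are made up here.
SAMPLE_LOG = """\
[18/Jan/2006:13:50:21 -0500] conn=22 fd=65 slot=65 SSL connection from 192.0.2.10 to 192.0.2.20
[18/Jan/2006:13:50:21 -0500] conn=22 op=-1 fd=65 closed - SSL peer cannot verify your certificate.
[18/Jan/2006:13:51:02 -0500] conn=23 fd=66 slot=66 SSL connection from 198.51.100.7 to 192.0.2.20
[18/Jan/2006:13:51:02 -0500] conn=23 op=0 BIND dn="cn=replication manager,cn=config" method=128 version=3
[18/Jan/2006:13:52:40 -0500] conn=24 fd=67 slot=67 SSL connection from 192.0.2.10 to 192.0.2.20
[18/Jan/2006:13:52:40 -0500] conn=24 op=-1 fd=67 closed - SSL peer cannot verify your certificate.
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPEN_RE = re.compile(r"SSL connection from (?P<src>\S+)")
# Match only the part of the error text that is visible in the message.
REJECT_MARK = "closed - SSL peer cannot verify your"


def rejected_handshakes(log_text):
    """Return {client_address: [timestamps]} for connections that were closed
    because the client did not accept this server's certificate."""
    src_by_conn = {}            # conn number -> client address of the open connection
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # not an access-log record
        conn, rest = m["conn"], m["rest"]
        opened = OPEN_RE.search(rest)
        if opened:
            src_by_conn[conn] = opened["src"]
        elif REJECT_MARK in rest:
            # pop(): conn numbers restart with the server, so drop closed ones
            hits[src_by_conn.pop(conn, "unknown")].append(m["ts"])
    return dict(hits)


if __name__ == "__main__":
    for src, times in rejected_handshakes(SAMPLE_LOG).items():
        print(f"{src}: {len(times)} rejected handshake(s), first at {times[0]}")
```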