[389-users] SSL Cert Issue
John Mancuso
jkmancuso at gmail.com
Thu Sep 9 02:45:10 UTC 2010
Two questions:
1. I have generated self-signed ssl/ca certs trying both the
"certutil" method from the redhat doc and also the standard "openssl
x509 req -new" method. After installing the certs and enabling secure
ldaps replication both result in
slapi_ldap_bind - Error: could not send bind request for id
[cn=replication manager,cn=config] mech [SIMPLE]: error 81 (Can't
contact LDAP server) -8172 (Peer's certificate issuer has been marked
as not trusted by the user.) 11 (Resource temporarily unavailable)
Is there a known issue with self-signed certs?
2. If there is an issue with the above, we may end up purchasing a
wildcard cert for replicating across subdomains. I know in the HTML
world some web browsers complain about ssl wildcard certs across
subdomains. Any possible issues with this approach?
ldaps://supplier_ldap.mycompany.com----> ldaps://consumer_ldap.dev.mycompany.com
More information about the 389-users
mailing list