Openldap 2.4.48-1 vs my company's pki
David Goldberg
dsg18096@gmail.com
Fri Aug 2 20:08:00 GMT 2019
Thanks but unfortunately even after don't that I still get the complaint
that they're is a self signed certificate in the chain. We do indeed run
our own CA but it seems like that should not really be a problem.
On Fri, Aug 2, 2019, 15:13 Achim Gratz <Stromeko@nexgo.de> wrote:
> David Goldberg writes:
> > I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> > ldapsearch will not connect, complaining that the server provided
> > certificate is self signed. I have set up /etc/pki with my company's
> > certificate chain and that allows 2.4.42-1 (and earlier) and other
> > applications to properly authenticate local services.
>
> The PKI layout was slightly changed a while ago and the newer openssl
> library used by the fresh openldap build may not pick up on the old
> locations anymore. What you should do is place the certificates into
> the /etc/pki/ca-trust/source/anchors/ directory, then run
>
> # update-ca-trust extract
>
> which should correctly populate the directories that the libaries and
> applications use.
>
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> Wavetables for the Terratec KOMPLEXER:
> http://Synth.Stromeko.net/Downloads.html#KomplexerWaves
>
> --
> Problem reports: http://cygwin.com/problems.html
> FAQ: http://cygwin.com/faq/
> Documentation: http://cygwin.com/docs.html
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>
>
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list