Mathias Gug wrote: > One workaround is to put all of the CA certs in the trusted CA > certificate file.
Yes, that is what we have had to do. The real fix is to get the gnutls people to support certificate directories, like OpenSSL. Why the rush to convert to gnutls when it has so many issues. (Licencing issues are low on my list of reasons.) > > If the system running slapd is on hardy (or intrepid or jaunty) you > should also add all of the CA certificates to the server certificate > file - this is to workaround a bug where the slapd daemon doesn't send > all of the CA certificates to the client. All or just the intermediate certificates? Another issue with gnutls, no intermediate file (or directory) of certificates. > -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 -- gnutls regression: failure in certificate chain validation https://bugs.launchpad.net/bugs/305264 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs