-----Original Message----- From: Rich Megginson [mailto:[email protected]] Sent: Monday, February 27, 2012 10:57 AM To: Aaron Bennett Cc: [email protected] Subject: Re: Mozilla NSS -- how to deploy intermediate certificate
> Rich, can you give me some more direction on how to verify that the > intermediate certificate is properly deployed? On the client: certutil -d /path/to/nss-cert-db-directory -L -------------- Rich, you aren't getting what I'm asking... If I run: "certutil -d /etc/openldap/nssdb/ -L " on the server, it works, and if I try to connect to it from the server using the ldap clients (like ldapwhomi or ldapsearch or whatever) it works. But, the client is a different computer, in this case, a Windows 7 box running Apache Directory Studio, or an ubuntu workstation running GnuTLS, or whatever, and they don't work -- I get " TLS: peer cert untrusted or revoked (0x42)."
