>> command: openssl  s_client -connect server.name.ac.uk:636 -verify 5
>> result: Verify return code: 19 (self signed certificate in certificate chain)
>>
>> command: openssl  s_client -connect server.name.ac.uk:636 -verify 5 -CApath /etc/pki/tls/certs
>> result: Verify return code: 0 (ok)
>>
>> Obviously that didn't work, hence the call for help.
>>

>Could you clarify what the problem is? The results you show seem
>perfectly normal.

Problem is OpenSSL only seems to work if I explicitly pass it the
location of the certificates with the -CApath switch.
It doesn't seem able to find them on its own.

This creates a problem for OpenLDAP when I am trying to query an LDAP
server via ssl/tls.

example: /usr/bin/ldapsearch -H "ldaps://server.name.ac.uk"
result: Can't contact LDAP server <snip> certificate verify failed.

I am assuming that openssl's inability to find hashed certificates for
globalsign (whose certificates are used on the LDAP server)
results in OpenLDAP not being able to authenticate the LDAP server's
certificates.

Perhaps I am misunderstanding what is going on and that the OpenLDAP
problem is not related to what I perceive to be an OpenSSL problem.

Regards

Leigh Silvester
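
The hashed-directory lookup that -CApath relies on, as an added example (not part of the original message and not OpenSSL's own tooling). The CA, the server name and all file names are constructed for the demo, and the script works in a temporary directory only.

```shell
#!/bin/sh
# Constructed demo: a CApath directory is searched by <subject-hash>.N file name,
# so a CA certificate that is present but not hash-linked is never found.

# Build a constructed CA and a server certificate it issued, in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

# Create the <subject-hash>.N link a CApath lookup needs (the job c_rehash does).
link_ca() {   # usage: link_ca <ca.pem> <capath-dir>; prints the link name
    hash=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    n=0
    while [ -e "$2/$hash.$n" ]; do n=$((n + 1)); done   # hash collisions get .1, .2, ...
    ln -s "$(cd "$(dirname "$1")" && pwd)/$(basename "$1")" "$2/$hash.$n"
    echo "$hash.$n"
}

# Return 0 only if <cert> verifies with <capath-dir> given as the CA directory.
verifies_with() {   # usage: verifies_with <capath-dir> <cert.pem>
    openssl verify -CApath "$1" "$2" 2>&1 | grep -q ': OK$'
}

demo() {
    work=$(mktemp -d) && mkdir "$work/capath" && make_demo_pki "$work" || return 1
    # The default CApath is the "certs" directory under this compiled-in location.
    echo "compiled-in default directory: $(openssl version -d)"
    verifies_with "$work/capath" "$work/srv.pem" \
        && echo "before link: OK" || echo "before link: verify failed"
    echo "created link: $(link_ca "$work/ca.pem" "$work/capath")"
    verifies_with "$work/capath" "$work/srv.pem" \
        && echo "after link: OK" || echo "after link: verify failed"
    rm -rf "$work"
}
demo
```
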


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
