Thanks but unfortunately even after don't that I still get the complaint that they're is a self signed certificate in the chain. We do indeed run our own CA but it seems like that should not really be a problem.
On Fri, Aug 2, 2019, 15:13 Achim Gratz <strom...@nexgo.de> wrote: > David Goldberg writes: > > I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now > > ldapsearch will not connect, complaining that the server provided > > certificate is self signed. I have set up /etc/pki with my company's > > certificate chain and that allows 2.4.42-1 (and earlier) and other > > applications to properly authenticate local services. > > The PKI layout was slightly changed a while ago and the newer openssl > library used by the fresh openldap build may not pick up on the old > locations anymore. What you should do is place the certificates into > the /etc/pki/ca-trust/source/anchors/ directory, then run > > # update-ca-trust extract > > which should correctly populate the directories that the libaries and > applications use. > > > > Regards, > Achim. > -- > +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ > > Wavetables for the Terratec KOMPLEXER: > http://Synth.Stromeko.net/Downloads.html#KomplexerWaves > > -- > Problem reports: http://cygwin.com/problems.html > FAQ: http://cygwin.com/faq/ > Documentation: http://cygwin.com/docs.html > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > > -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
