conn=31 op=-1 fd=67 closed - Peer does not recognize and trust the CA that issued your certificate. I've been trying to get client authentication via ssl working for quite a while now. I've tried generating my own CA via openssl, creating a self-signed ssl cert, importing CA cert via the interface, converting the client ssl to pkcs12 format, importing it via the interface, and trying to run a 'ldapsearch' using the cert (non-pkcs12 format) on the client machine but get the above error. I've also tried clearing the whole DB, regenerating everything (CA cert, and server client cert), and generating a client cert for a test machine with this: /serverRoot/shared/bin/certutil -S -n "hostname-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1002 -v 120 -d . -z noise.txt -f pwdfile.txt then running this: '../shared/bin/certutil -L -d /opt/fedora-ds/alias/ -n "hostname-test-Cert"' and putting that in a ssl cert file on the client, '/root/client.crt', using this as an ldap.conf file: host ***.***.***.*** base dc=test,dc=testdomain,dc=com uri ldap://***.***.***.*** ldap_version 3 port 636 pam_filter objectclass=posixAccount pam_login_attribute uid ssl start_tls ssl on tls_cert /root/client.crt pam_password md5 And testing again with ldapsearch. But I still get the above error. Does anyone have any ideas why this is happening, as I'm at a loss. Thanks.
