Actually, trusting the certificate made everything worse. # trust list | grep ISRG\ Root\ X1 yielded the same certificate twice, and the supplier was then unable to connect to the consumer (or itself), yielding "unable to get issuer certificate" (so not only when replicating, but also when using ldapsearch etc.). To fix this, I needed to execute: # rm /etc/pki/ca-trust/source/*.p11-kitt # update-ca-trust Now, I am again faced with the original problem (but luckily, only that one). _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
