--- Richard Megginson <rmeggins@xxxxxxxxxx> wrote:

> The SSL client (in this case, the replication supplier) still needs to
> verify the SSL server (in this case, the replication consumer)
> certificate in order for SSL to work. It should be sufficient for the
> supplier to have the certificate of the CA that issued the consumer's
> certificate in its cert db.

I understand. Where is the cert db? Is that controlled by
/etc/openldap/ldap.conf? Because I took *.db from the consumer's
/opt/fedora-ds/alias, copied them over to the location specified by
TLS_CACERTDIR (/etc/openldap/cacerts) and still got the same error.

On the supplier:

[root@cnyldap01 cacerts]# ll
total 84
-rw------- 1 root root 65536 Jan 18 13:48 slapd-cnjldap01-cert8.db
-rw------- 1 root root 16384 Jan 18 13:48 slapd-cnjldap01-key3.db

On the consumer (cnjldap01) still:

[18/Jan/2006:13:50:21 -0500] conn=22 fd=65 slot=65 SSL connection from 149.85.70.110 to 149.85.86.65
[18/Jan/2006:13:50:21 -0500] conn=22 op=-1 fd=65 closed - SSL peer cannot verify your certificate.

What am I doing wrong?

Thank you for your help...

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
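
An added example, not part of the original message and not Fedora DS code: a check for the condition in the quoted reply, namely that the supplier's NSS cert db holds a CA certificate trusted to issue SSL server certificates ("C" in the SSL trust field of `certutil -L`). The listings are constructed samples, and the database directory and prefix in the final comment are assumptions based on the paths and file names in the message.

```shell
#!/bin/sh
# Added example. Reads `certutil -L` output on stdin and prints the nicknames
# of certificates whose SSL trust field contains "C" (trusted CA for issuing
# SSL server certificates). Returns non-zero when no such entry exists.
trusted_ssl_cas() {
    awk '
        # Data lines end in a trust triple such as "CT,," or "u,u,u";
        # the two header lines and blank lines do not match this pattern.
        $NF ~ /^[a-zA-Z]*,[a-zA-Z]*,[a-zA-Z]*$/ {
            split($NF, t, ",")
            if (index(t[1], "C") > 0) {      # lowercase "c" alone is not enough
                nick = $0
                sub(/[ \t]+[^ \t]+$/, "", nick)   # drop the trust column
                print nick
                found = 1
            }
        }
        END { exit !found }
    '
}

# Constructed sample listings (not taken from the thread).
LISTING_WITH_CA='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example CA certificate                                       CT,,
Server-Cert                                                  u,u,u
'
LISTING_WITHOUT_CA='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Server-Cert                                                  u,u,u
'

# Demo on the constructed listing that contains a trusted CA.
printf '%s\n' "$LISTING_WITH_CA" | trusted_ssl_cas

# On a live supplier the listing would come from the server's own database
# (directory and prefix are assumptions, see the lead-in):
#   certutil -L -d /opt/fedora-ds/alias -P slapd-cnyldap01- | trusted_ssl_cas
```

A listing that shows only `Server-Cert` with `u,u,u` means the supplier has no CA it can use to validate the consumer's certificate.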