Two questions: 1. I have generated self-signed ssl/ca certs trying both the "certutil" method from the redhat doc and also the standard "openssl x509 req -new" method. After installing the certs and enabling secure ldaps replication both result in slapi_ldap_bind - Error: could not send bind request for id [cn=replication manager,cn=config] mech [SIMPLE]: error 81 (Can't contact LDAP server) -8172 (Peer's certificate issuer has been marked as not trusted by the user.) 11 (Resource temporarily unavailable) Is there a known issue with self-signed certs? 2. If there is an issue with the above, we may end up purchasing a wildcard cert for replicating across subdomains. I know in the HTML world some web browsers complain about ssl wildcard certs across subdomains. Any possible issues with this approach? ldaps://supplier_ldap.mycompany.com----> ldaps://consumer_ldap.dev.mycompany.com -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
