
Certificate verification: "openssl" returns ok, while "getent passwd" returns error



Hello all.


I'm faced with an openssl issue I'm not sure how to debug. In the
"/etc/ldap.conf" file on my RHEL server I've set "tls_checkpeer" to "yes",
and find that running "openssl s_client -connect <ldapserver>:636 -showcerts
-CAfile CA-certificate.crt" returns ok (i.e. "verified"), while issuing "getent
passwd someuser" returns "TLS certificate verification: Error, certificate
signature failure". Both "ldap.conf" and the openssl-command above point to
the same "CA-certificate.crt" file. I don't understand how come the openssl
command accepts the certificate, while the getent command doesn't. Any
advice on how to proceed debugging this is greatly appreciated.


Regards,
Kenneth Holter

