This is the mail archive of the
mailing list for the Cygwin project.
Re: Openldap 2.4.48-1 vs my company's pki
- From: David Goldberg <dsg18096 at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 2 Aug 2019 16:08:19 -0400
- Subject: Re: Openldap 2.4.48-1 vs my company's pki
- References: <CAN9EdkY=zrEv31+PD8XXu9rVw4H_eXLEoMk5u=7H02Q1Xu7-Wg@mail.gmail.com> <87ftmje5zb.fsf@Rainer.invalid>
Thanks but unfortunately even after doing that I still get the complaint
that there is a self signed certificate in the chain. We do indeed run
our own CA but it seems like that should not really be a problem.
On Fri, Aug 2, 2019, 15:13 Achim Gratz <Stromeko@nexgo.de> wrote:
> David Goldberg writes:
> > I updated openldap from 2.4.42-1 to 2.4.48-1 this morning and now
> > ldapsearch will not connect, complaining that the server provided
> > certificate is self signed. I have set up /etc/pki with my company's
> > certificate chain and that allows 2.4.42-1 (and earlier) and other
> > applications to properly authenticate local services.
> The PKI layout was slightly changed a while ago and the newer openssl
> library used by the fresh openldap build may not pick up on the old
> locations anymore. What you should do is place the certificates into
> the /etc/pki/ca-trust/source/anchors/ directory, then run
> # update-ca-trust extract
> which should correctly populate the directories that the libraries and
> applications use.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
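A check for the procedure quoted above, as an added example that is not part of the original thread: it reports which PEM files in the anchors directory did not end up in the bundle that `update-ca-trust extract` writes. The function names are hypothetical, and the bundle path in the usage comment is an assumption about the ca-certificates layout; only the anchors directory comes from the message.

```shell
#!/bin/sh
# Added example. Usage (bundle path is an assumed location, adjust as needed):
#   sh check-anchors.sh /etc/pki/ca-trust/source/anchors \
#       /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

# pem_bodies FILE: print one line per "BEGIN CERTIFICATE" block in FILE,
# holding its base64 body with whitespace removed, so that differences in
# line wrapping between the anchor and the bundle do not matter.
pem_bodies() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# anchors_missing ANCHOR_DIR BUNDLE: print every anchor file that holds no
# plain PEM certificate or holds one that is absent from BUNDLE.
# Returns 0 when all anchors are present, 1 otherwise.
anchors_missing() {
    dir=$1 bundle=$2 missing=0
    tmp=$(mktemp) || return 2
    pem_bodies "$bundle" > "$tmp"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bodies=$(pem_bodies "$f")
        if [ -z "$bodies" ]; then
            # DER files and "TRUSTED CERTIFICATE" blocks are not parsed here.
            echo "$f: no PEM certificate found"; missing=1; continue
        fi
        for b in $bodies; do
            grep -qxF -- "$b" "$tmp" || { echo "$f: not in bundle"; missing=1; break; }
        done
    done
    rm -f "$tmp"
    return $missing
}

# Run as a script only when both paths are given.
if [ "$#" -eq 2 ]; then
    anchors_missing "$1" "$2"
fi
```

An anchor reported as missing means the extract step did not pick it up; an empty report means the bundle contains every anchor, so a remaining "self signed certificate in chain" error would point at which trust store the client actually reads.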