Monday, April 5, 2021

[389-users] Cert Problems with dsidm

We have/had a working 389 directory server running on Centos 8. It was
working fine, and for the most part, it still is. We can sucessfully
manage it through the cockpit service. We can successfully manage the
directory with ApacheDirectoryStudio. ldapsearch/ldapmodify works fine.

But it appears that sometime in the last month or two, when we use the
command dsidm, we have started getting a cert error. Again, it is only
with dsidm.

The error we get is:

Error: Can't contact LDAP server - error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)

I can't figure out where it is seeing this self-signed cert. When I run
dsidm commands with "-v", I see the following:

DEBUG: Using dirsrv ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}
DEBUG: Using external ca certificate /etc/dirsrv/slapd-{instance_name}

But we have our certs in that directory. And there are no self-signed
certs in our cert or its intermediate and root certs. The cert is a
GoDaddy cert.

How can I find out what cert dsidm is reading, so as to resolve this

389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:
Do not reply to spam on the list, report it:

No comments:

Post a Comment