I am trying to create a SAN cert in order to cover both of my Master LDAPS
servers.
I was hoping to have the following:
hqdirsrv1\
hqdirsrv
hqdirsrv2/
This will allow some of the older code to reference a single LDAP/S server
and not completely rely one instance.
- Creating a normal SSL cert works perfectly fine from my self signed CA.
Fully functional server
- Creating a SAN cert, exporting it, and importing it to the two Masters
works fine.
- In the Admin GUI, Manage Certificates shows the proper SAN certificate
and proper CA associated with this SAN cert.
- Starting (or restarting after saving the encryption stuff) the directory
server succeeds, but with the following error:
[root@hqdirsrv1 slapd-hqdirsrv1]# service dirsrv start
Starting dirsrv:
hqdirsrv1...[25/Jun/2013:11:55:45 -0400] - SSL alert:
CERT_VerifyCertificateNow: verify certificate failed for cert
Server-Cert-hqdirsrv-SAN of family cn=RSA,cn=encryption,cn=config (Netscape
Portable Runtime error -8172 - Peer's certificate issuer has been marked as
not trusted by the user.)
[ OK ]
Am I missing a cert or setting for a cert anywhere?
Because this is in dev right now, I trashed my old instance and started
fresh without any ldif imports, etc...same results.